Indeed, due to several cyber-attacks targetting supply chain and open source software more and more, it is vital that better security is put into place. The Open Source Software Security Mobilisation Plan will then help to ensure that supply chains are secured enough, improve vulnerability discovery and remediation, and shorten ecosystem patching response time.

The plan also shows the need for strategic investments to achieve a resilient software supply chain ecosystem. For this to be possible, it is necessary to have secure development education and certification, have an objective, metrics-based risk assessment dashboard for the top 10,000 OSS components, as well as implement digital signatures of software releases.

The Open Source Software Security Mobilisation Plan then aims to secure the software supply chain as much as possible, considering the recent threats and attacks.

The post Linux Foundation and OpenSSF to introduce the Open Source Software Security Mobilisation Plan appeared first on DevOps Online North America.

Indeed, the concerns over the practices have prompted the European Commission’s antitrust authorities to end a questionnaire asking about Microsofts’ cloud-related licensing deals. It is believed that the tech giant is using its dominant position in certain software markets in order to foreclose completion regarding cloud computing services.

The coalition is made of more than 50 tech firms and non-profit organisations which are all speaking out against Microsoft and its cloud practices in Europe. Microsoft is then determined to take meaningful action on the complaints by adopting five pledges so as to shape its approach to doing business in Europe. The pledges will ensure that its public cloud meets Europe’s needs and values and that it will provide support for cloud providers through partnership and regulating technology.

This will help enhance transparency for the public and better support Europe’s technology needs, as well as ensure that European cloud providers could host more easily a wider variety of Microsoft products on their cloud infrastructure.

The post Microsoft to address cloud antitrust complaints and be more open source appeared first on DevOps Online North America.

Indeed, the plan is a common effort to ensure improvements in the state of open source security through a US$30 million in funding from Amazon, Google, Intel, Microsoft, and VMware. The initiative was announced by senior members of the Linux Foundation and the Open Source Security Foundation (OpenSSF) and will be working with stakeholders and new participants along the way.

By doing so, it aims to prevent security defects and vulnerabilities from getting into open source code, as well as improve vulnerability discovery and remediation, and shorten the response time for distributing and implementing fixes. The plan features 10 activity streams to meet these objectives.

The streams are:

1. Have baseline secure software development education and certification by improving training materials;
2. Establish a public, vendor-neutral, objective, metrics-based risk assessment dashboard for the up to 10,000 open-source software components;
3. Accelerate the adoption of digital signatures on software releases to check that the components haven’t been compromised;
4. Eliminate root causes of many vulnerabilities by using languages like Go and Rust;
5. Establish the OpenSSF Open Source Security Incident Response Team which would assist developers when responding to a vulnerability;
6. Accelerate the discovery of new vulnerabilities by maintainers and experts through advanced security tools and expert guidance;
7. Conduct third-party code reviews, and any necessary remediation work once a year;
8. Co-ordinate industry-wide data sharing to improve the research to determine the most critical open-source software components;
9. Improve software bill of materials (SBOM) tooling and training;
10. Improve the 10 most critical open-source software build systems, package managers, and distribution systems with better supply chain security tools and best practices.

Besides, it is vital for developers to create a software bill of materials (SBOM) for every project so that application users can find and patch code when met with vulnerabilities. The plan is needed more than ever as attacks are getting stronger and more sophisticated.

The post Open-source community released plan to secure applications appeared first on DevOps Online North America.

Indeed, the open-source platform will then be hosted by LF AI & Data to address the many challenges that exist when creating machine-learning products. The decision was made so as to help the tool grow and develop.

This step will also establish Kedro as a de-facto industry tool, joining a collection of other cutting-edge open-source projects such as Kubernetes. It will enhance the creation of innovative products, especially in the field of AI, to provide sustainable and inclusive growth for our clients and society.

Besides, Kedro will continue to be the foundation of all advanced analytics projects within McKinsey, but its future will be operated by various stakeholders, across different industries, geographies, and technologies.

The post McKinsey to donate Kedro to the Linux Foundation appeared first on DevOps Online North America.

Indeed, a recent study by Fintech Open Source Foundation (FINOS) revealed that many fintech leaders don’t fully grasp the role of open source in their business and governance strategy. Only 8% of respondents have actual policies that encourage the use of open-source software and only 35% knew if their enterprise had an Open Source Program Office.

However, it is vital that open source becomes a strategic technology pillar within the fintech industry. It was reported that if financial industries commit to open source, it will have a positive impact on their business as well as bring value. To do so, technology leaders need to formalise open-source policies and develop an open-source strategy.

The post Fintech leaders to implement more open-source software and strategies appeared first on DevOps Online North America.

The FinOps Foundation is an open-source foundation, hosted by the Linux Foundation, launched last year. The foundation seeks to bring together companies in the cloud financial management industry in order to establish best practices and standards. Hence, its goal is to help businesses have the resources to manage and budget their cloud spend.

Google Cloud is now the first major cloud provider of the foundation. As part of the partnership, it has agreed to send some of its members to the Foundation’s various Special Interest Groups (SIGs) and Working Groups so as to help drive open-source standards for cloud financial management.

The company declared that FinOps offers the best practices, which are essential for companies to monitor, analyze and optimize cloud spend across critical projects. Hence, this collaboration will allow Google’s users to have more visibility, efficiency, and tools as well as improve their cloud deployments and drive greater business value.

The post Google Cloud to join FinOps Foundation appeared first on DevOps Online North America.

Indeed, the framework, developed by Jonathan de Bruin and a team of researchers, will be able to automatically recognize the most relevant studies about a topic by training the machine learning model with an interactive approach called active learning. Hence, this system is trained to analyze various documents available and find the relevant ones.

In times of a pandemic, new guidelines and searches were required so the researchers worked with the Allen Institute for AI to develop the framework. ASReview has then been used by many researchers to review past studies about the virus and find more efficient medical guidelines. It is predicted that in the future, it will conduct several systematic reviews and meta-analyses to speed up research in various fields.

The researchers do believe that interactive machine learning approaches have to remain completely transparent and explainable.

The post Researchers develop a machine learning framework to help with research appeared first on DevOps Online North America.

The aim of the program is to develop new open-source solutions with technologies like cloud computing and artificial intelligence to fight racism. It was reported that there are now seven solution starters hosted by the Linux Foundation.

These applications were developed from an internal IBM program known as the Call for Code Emb(race) Challenge. This program allows Black IBMers, supported by Red Hat’s Blacks United in Leadership and Diversity (B.U.I.L.D.) community, and allies to come up with technology solutions in order to address the problem of systemic racism.

The Call for Code for Racial Justice was launched last year in order to gather solutions from the global coding community.

The post The Linux Foundation to launch new open source programs to fight racism appeared first on DevOps Online North America.

The survey also stated that containers are becoming a very popular app with 34% of participants indicating that they were using containers in their production environment. In comparison, only 15% of respondents used serverless and 7% service discovery.

These findings then prove Gartner’s prediction that 75% of global organizations will have containerized applications in production environments by 2022. There is an important shift to microservices‑based apps, where companies want to build platforms with better resilience and quicker deployment abilities.

Moreover, the research revealed that 14% of participants are looking to adopt service meshes in the next year, which is 50% more than nowadays.

Thus, it also stated that the public cloud remains the most used infrastructure option for modern app tools as well as Infrastructure-as-a-Service, serverless computing, and private Platform-as-a-Service. There is a progressive shift away from on-premises load balancers towards more software-based load balancers.

Yet, there are still challenges. Indeed, 50% of respondents are concerned about security while 39% about reliability and availability, and 34% about performance.

As a result, it is likely that API gateway management will increase up to 22% as predicted in 2021. Therefore, organizations will start to invest more in solutions like WAF and service delivery.

As microservices management keeps on growing, there is going to be more investment in open-source container orchestrators and API management tools. Associated technologies will then also be increasing.

The post 2020 led to a rise in global microservices adoption appeared first on DevOps Online North America.

Indeed, organizations are now putting more emphasis on open source to foster business agility rather than on anything else. Low costs still remain a driver for open-source adoption, but security has taken its place at the top of the list.

Yet, this seems rather unexpected as many concerns were raised about open-source security due to the fact that it is open. Indeed, hackers can easily discover vulnerabilities in code and exploit them. Developers are thus always trying to make open-source code more secure.

Yet, it has become quite clear that even though open-source software isn’t completely secure, it offers a better process for securing code. When bugs are found out in open-source code, they can be quickly fixed due to the open process. However, this doesn’t guarantee that all users will apply the fixes to their code.

Security is a process and open source is the best way to deliver that process, hence driving companies to develop more low-cost, high-quality, and secure software.

The post Security to drive open-source adoption appeared first on DevOps Online North America.