aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
aster.cloud aster.cloud
  • /
  • Platforms
    • Public Cloud
    • On-Premise
    • Hybrid Cloud
    • Data
  • Architecture
    • Design
    • Solutions
    • Enterprise
  • Engineering
    • Automation
    • Software Engineering
    • Project Management
    • DevOps
  • Programming
  • Tools
  • About
  • Programming
  • Software
  • Tech

The Linux Foundation And Harvard’s Lab For Innovation Science Release Census For Open Source Software Security

  • aster_cloud
  • February 19, 2020
  • 3 minute read

The Linux Foundation’s Core Infrastructure Initiative (CII), a project that helps support best practices and the security of critical open source software projects, and the Laboratory for Innovation Science at Harvard (LISH), announced the release of ‘Vulnerabilities in the Core,’ a Preliminary Report and Census II of Open Source Software.`

This Census II analysis and report represent important steps towards understanding and addressing structural and security complexities in the modern day supply chain where open source is pervasive, but not always understood. Census II identifies the most commonly used free and open source software (FOSS) components in production applications and begins to examine them for potential vulnerabilities, which can inform actions to sustain the long-term security and health of FOSS. Census I (2015) identified which software packages in the Debian Linux distribution were the most critical to the kernel’s operation and security.


Partner with aster.cloud
for your next big idea.
Let us know here.


cyberpogo

“The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation. “The report begins to give us an inventory of the most important shared software and potential vulnerabilities and is the first step to understand more about these projects so that we can create tools and standards that results in trust and transparency in software.”

Working in collaboration with Software Composition Analysis (SCAs) and application security companies, including developer-first security company Snyk and Synopsys Cybersecurity Research Center (CyRC), the Linux Foundation and Harvard were able to combine private usage data with publicly available datasets and develop a methodology for identifying more than 200 of the most used open source software projects, 20 of which are detailed in the findings. For the detailed methodology and list, including elaboration on each project, please read the report.

“FOSS was long seen as the domain of hobbyists and tinkerers. However, it has now become an integral component of the modern economy and is a fundamental building block of everyday technologies like smart phones, cars, the Internet of Things, and numerous pieces of critical infrastructure,” said Frank Nagle, a professor at Harvard Business School and co-director of the Census II project. “Understanding which components are most widely used and most vulnerable will allow us to help ensure the continued health of the ecosystem and the digital economy.”

With FOSS constituting 80-90 percent of all software, it is more important than ever that we understand what FOSS is most used and where it could be vulnerable to attack. The increasing importance of this has been underscored with US government agencies pushing for deeper insights into the software building blocks that make up various packages and devices via a software bill of materials (SBOM). For example, in April 2018, the leaders of the US Congress House of Representatives Energy and Commerce Committee sent a letter to the Linux Foundation, acknowledging the critical importance of FOSS and exploring the opportunities and challenges related to FOSS.

Read More  The Linux Foundation And Harvard’s Lab For Innovation Science Release Census Of Most Widely Used Open Source Application Libraries

The increasing importance of FOSS throughout the economy became critically apparent in 2014 when the Heartbleed security bug in the OpenSSL cryptography library was discovered. By some estimates, the bug impacted nearly 20 percent, or half a million, of secure web servers on the Internet. It was the impetus for the Core Infrastructure Initiative, which has raised millions of dollars for open source security in just the last six years.

“Open source is an undeniable and critical part of today’s economy, providing the underpinnings for most of our global commerce. Hundreds of thousands of open source software packages are in production applications throughout the supply chain, so understanding what we need to be assessing for vulnerabilities is the first step for ensuring long-term security and sustainability of open source software,” said Zemlin.


About the Linux Foundation

Founded in 2000, The Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About the Laboratory for Innovation Science at Harvard

The Laboratory for Innovation Science at Harvard (LISH) is spurring the development of a science of innovation through a systematic program of solving real-world innovation challenges while simultaneously conducting rigorous scientific research. To date, LISH has worked with key partners in aerospace and healthcare, such as NASA, the Harvard Medical School, the Broad Institute, and the Scripps Research Institute to solve complex problems and develop impactful solutions. More information can be found at https://lish.harvard.edu/

Read More  New, Free Training Course Teaches Fundamentals Of Serverless On Kubernetes

Our humans need coffee too! Your support is highly appreciated, thank you!

aster_cloud

Related Topics
  • Core Infrastructure Initiative
  • FOSS
  • Harvard
  • Laboratory for Innovation Science
  • Snyk
  • The Linux Foundation
You May Also Like
View Post
  • Architecture
  • Data
  • Engineering
  • People
  • Programming
  • Software Engineering
  • Technology

Predictions: Top 25 Careers Likely In High Demand In The Future

  • June 6, 2023
View Post
  • Architecture
  • Platforms
  • Software
  • Solutions
  • Technology

What To Expect From Apple’s WWDC 2023

  • June 1, 2023
View Post
  • Tech

What Is Platform Engineering And Why Adopt It In Your Company?

  • June 1, 2023
View Post
  • Programming
  • Software Engineering
  • Technology

Build a Python App to Alert You When Asteroids Are Close to Earth

  • May 22, 2023
View Post
  • Programming

Illuminating Interactions: Visual State In Jetpack Compose

  • May 20, 2023
View Post
  • Containers
  • Public Cloud
  • Software
  • Software Engineering

How To Easily Migrate Your Apps To Containers — Free Deep Dive And Workshop

  • May 18, 2023
View Post
  • Software
  • Technology

Somehow OpenSearch Has Succeeded

  • May 16, 2023
View Post
  • Public Cloud
  • Software

Best Practices For Monetizing Cloud-based Technology And 5G Networks

  • May 15, 2023

Stay Connected!
LATEST
  • 1
    Predictions: Top 25 Careers Likely In High Demand In The Future
    • June 6, 2023
  • 2
    A S.W.O.T. Analysis Of Current A.I. Systems
    • June 6, 2023
  • Apple-WWCD23-Vision-Pro-glass-230605 3
    Introducing Apple Vision Pro: Apple’s first spatial compute
    • June 5, 2023
  • 4
    Apple Unveils New Mac Studio And Brings Apple Silicon To Mac Pro
    • June 5, 2023
  • 5
    Apple Introduces M2 Ultra
    • June 5, 2023
  • 6
    tvOS 17 Brings FaceTime And Video Conferencing To The Biggest Screen In The Home
    • June 5, 2023
  • 7
    Apple Introduces The 15‑Inch MacBook Air
    • June 5, 2023
  • 8
    Building A Kubernetes Platform: How And Why To Apply Governance And Policy
    • June 4, 2023
  • 9
    Leave, This “United” “Kingdom”, This “Great” “Britain”
    • June 4, 2023
  • 10
    Amazing Federated Multicloud Apps
    • June 2, 2023
about
Hello World!

We are aster.cloud. We’re created by programmers for programmers.

Our site aims to provide guides, programming tips, reviews, and interesting materials for tech people and those who want to learn in general.

We would like to hear from you.

If you have any feedback, enquiries, or sponsorship request, kindly reach out to us at:

[email protected]
Most Popular
  • 1
    Huawei ICT Competition 2022-2023 Global Final Held In Shenzhen — 146 Teams From 36 Countries And Regions Win Awards
    • May 27, 2023
  • 2
    Huawei OceanStor Pacific Scale-Out Storage Tops IO500 Rankings
    • May 26, 2023
  • 3
    What’s The Future Of DevOps? You Tell Us. Take The 2023 Accelerate State Of DevOps Survey
    • June 2, 2023
  • 4
    Resolving Deployment Issues With Ts-node And Azure Development Pipelines
    • June 1, 2023
  • 5
    MongoDB And Alibaba Cloud Extend Global Partnership
    • May 25, 2023
  • /
  • Technology
  • Tools
  • About
  • Contact Us

Input your search keywords and press Enter.