Although software is significantly changing our work, home, and personal lives, many dont realize that todays software is made up of numerous ingredients. Some of the software we use daily contains pieces of custom code thats developed internally by an organization, while other pieces of code come from community-driven open source projects that end up being baked-in to the final applications we utilize. Therefore, a combination of custom and open source code is employed by organizations who deliver the software products and services we often take for granted

The adoption of open source by software development teams has dramatically changed the software industry overall. Instead of building all software from scratch, organizations use open-source components to their advantage, providing common or repetitive features and functionalities. This primarily limits the use of custom code to proprietary features and functionality, while also being the shoestring that ties everything together. Subsequently, developers spend much of their time on key differentiators, rather than recreating common features.

Todays modern applications are made up of a significant percentage of open source and over 30M developers contribute to community-based platforms like GitHub, accelerating open source softwares acceptance and usage. In fact, analysts report that 95% of organizations consume open source software within their own mission-critical IT portfolios. As a result, organizations must recognize, accept, and oversee how and where open source is used in the products and services they deliver to the industry as a whole.

The practice of using open source components, libraries, and packages during software development does allow organizations to accelerate time to delivery, but it can also expose organizations to heightened levels of risk. For example, organizations that use open source are exposed to new security risks that materialize as a result of attackers taking advantage of the broad usage and open nature of open source. In addition, organizations are exposed to license risk, since open source components are governed by licenses (e.g., GPL, Apache) that set terms for the use of the components. And finally, organizations are exposed to operational risk (e.g., technical debt), because the open source support model depends on a community of contributors. Unfortunately, a community can abandon a particular component, version, or fork, and then the organizations using it in their software are left to patch it or evolve it. Thats the technical debt, effectively.

By using open source, organizations and development teams are trusting the open source community to update and maintain the components, release patches, and monitor for security issues. Diminishing community contributions, outdated component versions, and other similar factors increase exposure to operational risks and can increase the cost of support for a software component in use within an organizations codebase. This can increase the potential that an organizations developers need to spend time and resources performing new development to ensure the security and functionality of a component.

Although organizations acknowledge a heightened level of risk, unfortunately, most dont effectively track or manage open source throughout their entire codebase and cannot easily address the widening hazards they face. Todays organizations often lack automated, repeatable processes for open source usage, risk management, and remediation. For example, organizations may have no process in place for:

Clearly, in todays fast-paced development, delivery, and deployment models like DevOps, organizations need a software security solution that addresses open source challenges more than ever before. Checkmarx is committed to addressing this need head-on.

Checkmarx Software Composition Analysis (CxSCA) is the perfect solution for organizations who desire to further embed security within their DevOps initiatives by detecting and identifying open source components within their codebase and providing detailed risk metrics regarding vulnerabilities, potential license conflicts, and outdated libraries. Integrated as part of a secure SDLC and CI/CD pipeline, CxSCA enables development and security teams to prioritize and focus remediation efforts where they will be most effective and least costly.

Leveraging Checkmarxs industry-leading source analysis technologies, CxSCA is able to provide greater insight into open source security risks by verifying vulnerable conditions within the source code to determine whether vulnerabilities are actually exploitable and helping to prioritize risks for efficient and effective remediation. When used together, CxSAST and CxSCA allow organizations to secure both custom code and open source by focusing on generating results with the greatest accuracy and reducing the noise that distracts organizations from their true goal developing secure, high-quality software with great efficiency.

The Checkmarx approach to SCA is considered superior to other solutions in the market that rely on partnerships and complex integrations to do what Checkmarx does natively. Our cross-product synergies between CxSCA and CxSAST enable organizations to secure both custom code and open source while minimizing the burden of user administration and scan management via unified plugins. Checkmarx is also embracing the new role of developers as the first line of defense, while many other security approaches continue to focus on security teams as the gatekeepers of software security. This tactic allows Checkmarx customers to deploy software on aggressive DevOps release schedules, without sacrificing on security standards.

Checkmarxs mission is to deliver a complete suite of application security testing (AST) solutions to those responsible for securing software without impeding those responsible for developing and deploying it. We have the tools, techniques, solutions, and services to help organizations achieve, deliver, and ship more-secure software, which is now becoming the goal of every organization, developer, and security team member.

To learn more about CxSCA, or how to enhance your AST portfolio with both CxSAST and CxSCA, please request a demo here.

Stephen Gates is an experienced writer, blogger, and published author who brings 15+ years of hands-on knowledge in information security to the Checkmarx team. Stephen is dedicated to conveying facts, figures, and information that brings awareness to the cybersecurity issues all organizations and consumers face. Aligning with Checkmarx mission of improving software security for all organizations, he is an advocate and promoter of their solutions worldwide.

View post:
The Road to DevSecOps: Addressing the Challenges of Open Source Software - Security Boulevard

LONDON, June 4, 2020 /PRNewswire/ --Open source software (OSS) serves as the foundation of IT infrastructure worldwide, allowing e-commerce platforms and innovative over the top (OTT) players to bring services to market quickly. OSS is gradually driving the innovation agenda for communications service providers (CSPs), and by extension, it is now challenging the dominance of proprietary solutions in the telecoms industry. OSS holds the potential to play a key role in telco cloud deployments, a market that will potentially grow to US$29 billion by 2025, finds global tech market advisory firmABI Research.

CSPs that wish to keep abreast with OTT and web scale companies may have to implement the same technologies and agile processes to stay competitive and rapidly innovate. OSS and by extension, cloud technologies, promise nimbleness, but whether CSPs can seize the opportunity remains to be seen. Telecoms are driven by standard bodies that have long cycle times to next-generation technologies. On the other hand, open source is characterized by an agile approach that moves faster. "Though CSPs are at different timeslots in their digitalization journey, they should collectively propel the open source agenda forward. A close collaboration between standard bodies and open source communities is a step in that direction," says Don Alusha, Senior Analyst at ABI Research.

Furthermore, a key consideration before OSS garners vendors' support is the means of monetization. There are two main monetization models that vendors can potentially use to commercialize OSS. Namely, there is the support model and the alternative where the core of the product is open source, but vendors add proprietary bells and whistles on top. Red Hat pioneered the support model and it remains the leading vendor in commercializing OSS using that option. Other companies such as Cloudera and Hortonworks have successfully embraced underlying OSS to offer enterprise-grade modules under a commercial license.

In telecoms, the adoption of OSS is already underway among CSPs and it will almost certainly be mainstream by 2025. For example, CSPs like Orange and Bell Canada have created internal open source groups in a bid to become more well versed in interacting with community-developed software. To that end, CSPs no longer hold reservations in adopting OSS but are now considering ways to include it in their network operations and commercial undertakings. In fact, the industry at large stands to benefit from OSS innovation with the introduction of IT and cloud solutions. But, unlike the IT domain, telecoms infrastructure is characterized by stringent performance, reliability and security requirements that require telco-specific arrangements.

"Commercial models notwithstanding, telco vendors like Ericsson, Huawei, Nokia and ZTE can potentially leverage OSS to realize performance and scalability as they transition their products to cloud-native equivalents. At present, OSS serves as an enablement technology for these vendors as opposed to building a business out of OSS. But eventual diffusion of 5G may well mean that vendors will need to invest significantly in open source projects to develop carrier-grade products and services in next 5 years. When that take place, vendors will need to channel time and investment to establish a presence in open source communities," Alusha concludes.

These findings are from ABI Research's Open Source in the Telecoms Marketapplication analysis report.This report is part of the company's5G Core & Edge Networksresearch service, which includes research, data, and ABI Insights.Based on extensive primary interviews, Application Analysisreports present in-depth analysis on key market trends and factors for a specific application, which could focus on an individual market or geography.

About ABI Research

ABI Research provides strategic guidance to visionaries, delivering actionable intelligence on the transformative technologies that are dramatically reshaping industries, economies, and workforces across the world. ABI Research's global team of analysts publish groundbreaking studies often years ahead of other technology advisory firms, empowering our clients to stay ahead of their markets and their competitors.

ABI Research1990

For more information about ABI Research's services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific or visitwww.abiresearch.com.

Contact Info:

Global Deborah Petrara Tel: +1.516.624.2558 [emailprotected]

SOURCE ABI Research

http://www.abiresearch.com

View post:
Open Source Software to Drive Telecom's Innovation Agenda by 2025 - PRNewswire

Dublin, June 03, 2020 (GLOBE NEWSWIRE) -- The "Global and China Automotive Operating System (OS) Industry Report, 2019-2020" report has been added to ResearchAndMarkets.com's offering.

With advances in smart cockpit and intelligent driving, and enormous strides of Tesla, OEMs care more about automotive operating system (OS). Yet, it is by no means easy for both new carmakers and traditional OEMs to develop base software for intelligent cars. It is in the report that world's vehicle OS vendors are compared and analyzed.

Auto OS is generally classified into four types:

OEMs are not only striving to gain control of vehicle base software and hardware and apt to use neutral OS, but exerting itself to reduce the development cycle and costs by more collaborations and leveraging open source software organizations.

Preference to Neutral and Free OS

It can be seen in the table below that most Chinese automakers select Android, while foreign peers choose AGL. Both Android and and AGL are neutral and free operating systems.

AGL now has the support of 11 OEMs including Toyota, VW, Daimler, Hyundai, Mazda, Honda, Mitsubishi, Subaru, Nissan, SAIC , etc.

AGL addresses 70% of OS development work, while the remaining 30% can be developed by OEMs. This facilitates development progress and cuts costs significantly.

More than 140 AGL members work together to develop a common platform for infotainment, which will be further available to ADAS, OTA, gateway, V2X and automated driving in the future.

ANDROID ecosystem, compared with AGL, is more mature and widely used by Chinese OEMs. However, OEMs felt risky to apply ANDROID as Google banned Huawei from using the Google Mobile Services (GMS) on Huawei phones in 2019, giving vitality to other operating systems. For instance, AliOS has already been seen in at least nine auto brands.

Reduce Development Cycle and Costs with the Help of Open Source Software Organizations

The GENIVI Alliance was jointly founded by giants like BMW, GM and Intel in 2009, aiming to offer applicable standards and open source codes for in-vehicle infotainment (IVI) platform. The alliance associates with the users of Android, AUTOSAR, Linux, and other in-car software and the solution suppliers to form a productive and collaborative community of 100+ members worldwide encompassing leading automakers, Tier 1 suppliers, semiconductor suppliers, software developers and service providers. GENIVI alliance always leads in field of open source cockpit software development.

The successful operation of GENIVI Alliance shows the industry's urgent need to reduce development costs and avoid the duplication of development via open source software organizations.

The Autoware Foundation is a non-profit organization founded in Dec. 2018, aiming to develop open source software for autonomous vehicle. With nearly 40 members globally, Autoware is adopted by over 200 organizations in the world.

IT firms Marry Cars and Various Smart Hardware via OS

LG acquired webOS (developed by Palm) from HP in 2013, and then extended webOS as a mobile phone OS to the suitable one for TVs, smart refrigerators, smart watches and smart cars. At present, LG has sold millions of its webOS-enabled Smart TVs. In the early 2020, LG's webOS is increasingly seen in automotive sector.

Samsung has ambitious plans for Tizen, an open operating system, which has already been found in Samsung's wearables and smart fridges, and will be applied to floor mopping robots, washing machines, air conditioners and even cars in future.

Huawei does alike in Harmony OS, a microkernel-based, distributed OS designed to deliver a 'smooth experience' across all devices in all scenarios. It enables seamless cross-terminal synergy across multiple devices and platforms including smart phone, TV, Tablet PC and automotive infotainment.

IT companies are attempting to realize intelligence of all scenarios from mobility, home to office by centering on OS. It remains to be seen whether OEMs will adopt the plan and when the plan will be actually carried out.

Companies Mentioned

Key Topics Covered

1. Overview of Auto OS1.1 Definition and Classification of Auto OS1.2 Basic Auto OS1.2.1 Introduction to Basic Auto OS1.2.2 Market Share of Basic Auto OS1.3 Customized Auto OS1.3.2 Comparison of Customized Auto OS1.3.3 Chip Makers and OS Customized Partners1.4 ROM Auto OS1.5 Automotive Phone Mapping System1.6 Hypervisor1.6.1 Introduction to Hypervisor1.6.2 Hypervisor Becomes the Inevitable Choice1.6.3 Comparison of Main Hypervisors1.7 Hardware Platform and OS for Autonomous Driving1.8 Automotive OS Related Standard: OSEK1.9 Automotive OS Open Organization: GENIVI1.9.1 Introduction to GENIVI1.9.2 Members of GENIVI1.9.3 Main Achievements of GENIVI1.9.4 Examples of Achievements of GENIVI1.9.5 Main Roles of GENIVI1.9.6 Development Trend of GENIVI1.10 Auto OS Open Organization: AUTOSAR1.10.1 Introduction to AUTOSAR1.10.2 Main Members of AUTOSAR1.10.3 Classic AutoSAR Architecture1.10.4 Adaptive AutoSAR Architecture1.10.5 Comparison of Classic and Adaptive AutoSAR1.10.6 Integration of Adaptive AutoSAR and ROS1.11 Auto OS Open Organization: Autoware Foundation

2. Basic Auto OS and Companies2.1 QNX2.1.1 Introduction to QNX2.1.2 Introduction to BlackBerry2.1.3 QNX Cockpit Software Platform Solution2.1.4 QNX System Architecture2.1.5 QNX Partners2.1.6 Trend of QNX in Automotive Field2.2 Linux&AGL2.2.1 Introduction to Linux&AGL2.2.2 Main Functions of AGL2.2.3 Members of AGL2.2.4 Dynamics of AGL&LINUX2.3 Android2.3.1 Introduction to Android2.3.2 Automotive Users of Andriod2.3.3 Trend of Android in Automotive Field2.4 AliOS2.4.1 Introduction to AliOS2.4.2 AliOS Solution2.4.3 Main Customers of AliOS2.4.4 Trend of AliOS in Automotive Field2.5 webOS2.5.1 Development Course of webOS2.5.2 OSE Component and Development Roadmap2.5.3 Integration with AGL2.5.4 Trend of webOS in Automotive Field2.6 Harmony OS2.6.1 Introduction to Harmony OS2.6.2 Development Course of Harmony OS2.6.3 Huawei HiCar2.7 VXWORKS2.7.1 Introduction to VxWorks2.7.2 Products of WindRiver2.7.3 Trend of WindRiver Products in Automotive Field2.8 Integrity2.9 Ubuntu2.10 ROS

3. Custom-made Auto OS3.1 Baidu In-Car OS3.1.1 Introduction to DuerOS3.1.2 Applied Scenarios and Automotive Clients of DuerOS3.1.3 Cooperation Case of DuerOS3.1.4 Xiaodu In-Car OS3.1.5 Cooperation Case of Apollo Xiaodu In-Car OS3.1.6 Xiaodu In-Car OS 20203.1.7 Apollo Cyber RT3.2 Qing OS3.2.1 Introduction to Qing OS3.2.2 Functions of Qing OS3.2.3 Cooperative Projects of Qing OS3.3 Mushroom OS3.3.1 Introduction to Mushroom OS3.3.2 Products and Services of Mushroom Car Link3.3.3 Clients and Partners3.4 Apex.AI3.4.1 Introduction to Apex.AI3.4.2 Features of Apex.OS3.4.3 Applied Scenarios of Apex.OS and Services Provided3.5 vw.OS3.5.1 Introduction to vw.OS3.5.2 Development Course of vw.OS3.5.3 Overall Layout of VW's Software

4. Hypervisor4.1 Overview4.1.1 Introduction to Hypervisor4.1.2 Comparison of Major Hypervisors4.2 QNX Hypervisor4.2.1 Introduction to QNX Hypervisor4.2.2 Features of QNX Hypervisor4.3 ACRN4.3.1 Introduction to ACRN4.3.2 Composition of ACRN4.4 COQOS Hypervisor4.5 PikeOS4.6 EB Corbos Hypervisor4.7 Harman Device Virtualization4.8 VOSYSmonitor

5. Infotainment and Smart Phone Mapping Software5.1 Carplay5.1.1 Introduction to Carplay5.1.2 Main Functions of Carplay5.2 Android Auto5.2.1 Introduction to Android Auto5.2.2 Development Trend of Android Auto5.3 Carlife5.3.1 Introduction to Carlife5.3.2 CarLife+5.3.3 Partial Partners5.4 MirrorLink5.5 Hicar5.5.1 Introduction to Hicar5.5.2 Dynamics and Partners of Hicar5.6 Carbit5.7 Qing Mobile5.7.1 Introduction to Qing Mobile5.7.2 Highlights of Qing Mobile

6. Auto OS Solution Providers6.1 Neusoft6.1.1 Introduction to NeuSAR6.1.2 Main Products6.1.3 Dynamics of NeuSAR6.2 Thundersoft6.2.1 Profile6.2.2 Development Course6.2.3 OS Services6.2.4 Products6.2.5 OS Projects6.3 iSoft6.3.1 Profile6.3.2 Development Course6.3.3 Products and Services6.4 ArcherMind Technology6.4.1 Profile6.4.2 UOS6.4.3 Main Products

For more information about this report visit https://www.researchandmarkets.com/r/zqcto

Research and Markets also offers Custom Research services providing focused, comprehensive and tailored research.

Link:
Assessment of Global and Chinese Automotive Operating System Markets, 2019-2020 - GlobeNewswire

Tony Xu, President of Huawei Ascend Computing, said, "The Huawei Atlas AI computing solution provides powerful computing and ultimate energy efficiency for all AI scenarios across devices, the edge, and the cloud. The Atlas 900 AI cluster provides data centers with powerful computing, high linearity, and the best energy efficiency to accelerate data-intensive research, such as astronomical exploration, weather prediction, oil exploration, and gene sequencing. Research breakthroughs translate into practical benefits for people worldwide."

Atlas 900 is the fastest AI training cluster in the world. It delivers a total computing power of 256 to 1024 petaFLOPS at half precision (FP16), equivalent to the computing power of 500,000 personal computers. Atlas 900 shattered the world record on the ResNet-50 benchmark test for model training by completing training in 59.8 seconds. Atlas 900 is the only product capable of completing the training in under a minute. Atlas 900 has broad applications in scientific research and business innovation for faster training of AI models with images and videos.

Atlas 900 integrates three interfaces for high-speed interconnection: Huawei Cache Coherence System (HCCS), PCIe 4.0, and 100G Ethernet. The Atlas 900 AI cluster leverages the Huawei CloudEngine data center switches to work on a 100 TB/s full-mesh, non-blocking dedicated network for parameter synchronization. The network slashes parameter synchronization latency by 10 to 70 percent to streamline AI model training.

Heat dissipation is a critical issue for an AI training cluster with such high computing power. That is why the Atlas 900 AI cluster adopts a groundbreaking system for heat dissipation. It leads industry innovation with a full liquid cooling solution and a rack-scale enclosed adiabatic design. This design delivers tremendous heat dissipation even for single racks with power consumption of up to 50 kW. It achieves a power usage effectiveness (PUE) of below 1.1 for data centers, almost reaching the ideal PUE of 1.0. Atlas 900 improves over air-cooled 8-kW racks by reducing equipment room space by 79%. Its innovative liquid cooling system provides energy-intensive, high-density, and low-PUE deployment to drastically reduce customer TCO.

Huawei is fostering cooperation to build the Ascend computing industry with open hardware, open source software, and partner enablement. Huawei provides full-stack AI computing infrastructure and application solutions to power industries with AI and create pervasive intelligence.

--Ends--

About Huawei

Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. With integrated solutions across four key domains telecom networks, IT, smart devices, and cloud services we are committed to bringing digital to every person, home and organization for a fully connected, intelligent world.

Huawei's end-to-end portfolio of products, solutions and services are both competitive and secure. Through open collaboration with ecosystem partners, we create lasting value for our customers, working to empower people, enrich home life, and inspire innovation in organizations of all shapes and sizes.

At Huawei, innovation focuses on customer needs. We invest heavily in basic research, concentrating on technological breakthroughs that drive the world forward. We have more than 194,000 employees, and we operate in more than 170 countries and regions. Founded in 1987, Huawei is a private company wholly owned by its employees. For more information, please visit Huawei online at http://www.huawei.com or follow us on:

http://www.linkedin.com/company/Huawei http://www.twitter.com/Huawei http://www.facebook.com/Huawei http://www.youtube.com/Huawei

Photo - https://mma.prnewswire.com/media/1176654/Huawei.jpg

http://www.huawei.com

SOURCE Huawei

Follow this link:
Huawei Atlas 900 AI Cluster Wins the Only Best of Show Award for AI at Interop Tokyo 2020 - PRNewswire

The Business Analytics And Enterprise Software Market research report enhanced worldwide Coronavirus COVID19 impact analysis on the market size (Value, Production and Consumption), splits the breakdown (Data Status 2014-2020 and 6 Year Forecast From 2020 to 2026), by region, manufacturers, type and End User/application. This Business Analytics And Enterprise Software market report covers the worldwide top manufacturers like (SAP, SAS Institute, IBM, Oracle, Tableau Software) which including information such as: Capacity, Production, Price, Sales, Revenue, Shipment, Gross, Gross Profit, Import, Export, Interview Record, Business Distribution etc., these data help the consumer know about the Business Analytics And Enterprise Software market competitors better. It covers Regional Segment Analysis, Type, Application, Major Manufactures, Business Analytics And Enterprise Software Industry Chain Analysis, Competitive Insights and Macroeconomic Analysis.

Get Free Sample PDF (including COVID19 Impact Analysis, full TOC, Tables and Figures)of Business Analytics And Enterprise Software[emailprotected]https://www.researchmoz.us/enquiry.php?type=S&repid=2082114

Business Analytics And Enterprise Software Market report offers comprehensive assessment of 1) Executive Summary, 2) Market Overview, 3) Key Market Trends, 4) Key Success Factors, 5) Business Analytics And Enterprise Software Market Demand/Consumption (Value or Size in US$ Mn) Analysis, 6) Business Analytics And Enterprise Software Market Background, 7) Business Analytics And Enterprise Software industry Analysis & Forecast 20202026 by Type, Application and Region, 8) Business Analytics And Enterprise Software Market Structure Analysis, 9) Competition Landscape, 10) Company Share and Company Profiles, 11) Assumptions and Acronyms and, 12) Research Methodology etc.

Scope of Business Analytics And Enterprise Software Market:Business analytics software is a software that is designed to analyze business data to better understand an organizations strengths and weaknesses. Enterprise Software is a software used to satisfy the needs of an organization rather than individual users. Such organizations include businesses, schools, interest-based user groups, clubs, charities, and governments.

Over the past five years there has been an increasing prevalence of low cost open source alternatives. Open source has become a preferred platform for developing new technology. In the past, software product companies would open source software that was not making money, but now companies are open sourcing software to increase its presence and share in the market.

On the basis on the end users/applications,this report focuses on the status and outlook for major applications/end users, shipments, revenue (Million USD), price, and market share and growth rate foreach application.

Commcial Governments Others

On the basis of product type, this report displays the shipments, revenue (Million USD), price, and market share and growth rate of each type.

Tools Software Manageware

Do You Have Any Query Or Specific Requirement? Ask to Our Industry[emailprotected]https://www.researchmoz.us/enquiry.php?type=E&repid=2082114

Geographically, the report includes the research on production, consumption, revenue, Business Analytics And Enterprise Software market share and growth rate, and forecast (2020-2026) of the following regions:

Important Business Analytics And Enterprise Software Market Data Available In This Report:

Strategic Recommendations, Forecast Growth Areasof the Business Analytics And Enterprise Software Market.

Challengesfor the New Entrants,TrendsMarketDrivers.

Emerging Opportunities,Competitive Landscape,Revenue Shareof Main Manufacturers.

This Report Discusses the Business Analytics And Enterprise Software MarketSummary; MarketScopeGives A BriefOutlineof theBusiness Analytics And Enterprise Software Market.

Key Performing Regions (APAC, EMEA, Americas) Along With Their Major Countries Are Detailed In This Report.

Company Profiles, Product Analysis,Marketing Strategies, Emerging Market Segments and Comprehensive Analysis of Business Analytics And Enterprise Software Market.

Business Analytics And Enterprise Software Market ShareYear-Over-Year Growthof Key Players in Promising Regions.

What is the (North America, South America, Europe, Africa, Middle East, Asia, China, Japan)production, production value, consumption, consumption value, import and exportof Business Analytics And Enterprise Software market?

To Get Discount of Business Analytics And Enterprise Software Market:https://www.researchmoz.us/enquiry.php?type=D&repid=2082114

Contact:

ResearchMozMr. Rohit Bhisey,Tel: +1-518-621-2074USA-Canada Toll Free: 866-997-4948Email:[emailprotected]

Browse More Reports Visit @https://www.mytradeinsight.blogspot.com/

Read the rest here:
Business Analytics And Enterprise Software Market Potential Growth, Share, Demand And Analysis Of Key Players- Analysis Forecasts To 2026 - Farmers...

With most of the companies leveraging SDN technologies for accelerating work-flow automation, SDN market has been observing robust expansion lately. SDN facilities offer several benefits to leading organizations, some of them being, a rise in resource flexibility, low infrastructure cost, better data center visualization, and growing resource utilization. Pertaining to the same, in addition to considering the growing popularity of open source software, most of the giants in SDN industry have been signing on partnerships with competitors to bring forth innovative SDN facilities.

Say for instance, Orange Business Services has recently teamed up with one of the leading behemoths in the SDN industry Cisco, to develop intent based networking with the help of artificial intelligence. Through this partnership, the firm is also looking forward to encouraging customers to incline toward digitalization and cloud with the adoption of new age software facilities. Numerous other companies are apparently implementing visualization technologies like SDN to speed up their digital transformation with reliability, agility, and cost effectiveness, fueling the commercialization graph of SDN market. Driven by the growing adoption rate of virtualized solution across several sectors including retail, government, banking, healthcare, IT services, and consumer goods, SDN industry size has been forecast to grow tremendously over the years ahead.

Get sample copy of this research report @ https://www.gminsights.com/request-sample/detail/2395

In recent times, many IT service companies have willingly changed their perspective toward the adoption evolving software-based solutions to resolve several business challenges. Tech giants in SDN market have worked to introduce several scalabilities and performance improvements in SDN components, which has encouraged service companies to deploy SDN facilities across their organizations. Programmable SDN indeed boasts of several benefits, on the grounds of which service companies have lately been demanding these networking services on a large scale, thereby driving SDN industry dynamics.

The banking sector in particular, has witnessed a significant transformation due to technology innovations and improved methodologies. From the technical point of view, currently, for gaining more profit, banks have been implementing complex computing architectures, data center sets, and vendor relationships. For instance, recently, online tabloids were ablaze with the news of Malaysian banks wanting to implement digitalization, owing to which they have been planning to invest in the latest technologies over the coming three years. More than 50% of Malaysia based banks apparently, are looking forward to inking agreement deals with leading players in SDN industry. The initiatives taken by banks to enhance their technological and digital capabilities for efficient and accurate financial offerings are likely to have a remarkable impact on APAC SDN market share.

Speaking on similar lines, merely a year before, the internet behemoth Google, penetrated Asia SDN market with the intent of transforming the telecom sector with SDN based platforms. In this regard, the firm had already collaborated with Indian telecom operator, Bharti Airtel and the South Korea based SK Telecom. According to the tech magnate, the deployment of SDN based platforms will help telecom networks in the region to adopt new services and traffic patterns very effectively. In addition, the Indian government is also contributing toward the improvement of telecommunication facilities across the country. Recently, under the Smart City Program, the Pune Municipal Corporation collaborated with Google, IBM, RailTel, and L&T to provide Google Station WiFi facility in the city. In essence, the shifting trends toward data revolution are certain to boost India SDN industry size over the years ahead.

Get this report Customized to your requirements @ https://www.gminsights.com/roc/2395

Some Point from Table of Contents:

Chapter 6.Global SDN Market, By End-Use

6.1.Key trends, by end-use

6.2.Enterprise

6.2.1. Market estimates and forecast, 2014 2025

6.2.2. BFSI

6.2.2.1.Market estimates and forecast, 2014 2025

6.2.3. Consumer goods & retail

6.2.3.1.Market estimates and forecast, 2014 2025

6.2.4. Government & defense

6.2.4.1.Market estimates and forecast, 2014 2025

6.2.5. Healthcare

6.2.5.1.Market estimates and forecast, 2014 2025

6.2.6. Manufacturing

6.2.6.1.Market estimates and forecast, 2014 2025

6.2.7. IT enabled services

6.2.7.1.Market estimates and forecast, 2014 2025

6.2.8. Others

6.2.8.1.Market estimates and forecast, 2014 2025

6.3.Telecom service provider

6.3.1. Market estimates and forecast, 2014 2025

6.4.Cloud service provider

6.4.1. Market estimates and forecast, 2014 2025

Browse complete Table of Contents (ToC) of this research report @

https://www.gminsights.com/toc/detail/software-defined-networking-sdn-market

About Global Market Insights:

Global Market Insights, Inc., headquartered in Delaware, U.S., is a global market research and consulting service provider; offering syndicated and custom research reports along with growth consulting services. Our business intelligence and industry research reports offer clients with penetrative insights and actionable market data specially designed and presented to aid strategic decision making. These exhaustive reports are designed via a proprietary research methodology and are available for key industries such as chemicals, advanced materials, technology, renewable energy and biotechnology.

Contact us:

Arun HegdeCorporate Sales, USAGlobal Market Insights, Inc.Phone:1-302-846-7766Toll Free: 1-888-689-0688Email: [emailprotected]

Read this article:
SDN Market to Register A Phenomenal Valuation of USD 100 Billion By 2025, Increasing Adoption Of Advanced Technology Facilities To Boost The Product...

Malware abused the build process on GitHub

ANALYSIS GitHub has published an informative post-mortem of a real-world open source software supply chain attack.

NetBeans repositories on GitHub were used as a delivery point to serve the Octopus Scanner malware, a backdoor specifically designed to infect NetBeans projects.

As a result of the attack, the open source build process was compromised, and 26 open source projects were affected.

The attack went far deeper than the more commonplace problem of the GitHub platform being abused as part of a command and control (C2) infrastructure.

GitHub learnt of the security breach on March 9, via a tip off from an independent security researcher who warned that a set of GitHub-hosted repositories were actively serving malware.

Subsequent investigations confirmed that the Octopus Scanner malware was capable of cataloguing NetBeans project files before embedding malicious payload both in project files and build JAR files.

The affected repository owners were most likely completely unaware of the malicious activity, and sorting out the mess was a challenge because simply blocking or banning maintainers wasnt a good option.

GitHub Security Lab had to work out how to properly remove the malware from infected repositories, without having to shut down user accounts.

A detailed technical analysis by GitHubs Alvaro Muoz explains how the security team, with no small amount of difficulty, accomplished this process.

RELATED GitHub showcases new code-scanning security tools at virtual event

Many questions about the attack remain not least why the malware authors targeted NetBeans build process, a comparatively unfashionable Java IDE.

If malware developers took the time to implement this malware specifically for NetBeans, it means that it could either be a targeted attack, or they may already have implemented the malware for build systems such as Make, MsBuild, Gradle and others as well and it may be spreading unnoticed, said Muoz.

Even though the malware C2 servers didnt seem to be active at the time of analysis, the affected repositories still posed a risk to GitHub users that could potentially clone and build these projects.

Brian Fox, CTO at open source software security specialist Sonatype, commented that what makes Octopus Scanner so dangerous is that infects developer tools that subsequently infect all of the projects they are working on, impacting their team or community of open source users.

The Octopus Scanner malware validates the importance of analysing binaries within your code and not taking the word of the manifest, Fox said.

What makes Octopus so dangerous is that it has the capability to infect other JAR files in the project, so a developer ends up using and distributing the mutated code to their team or community of open source users.

Weve seen over 20 one-off attempts at malicious code injection within OSS projects, but this is a new form of attack. This attack infects developer tools that subsequently infect all of the projects they are working on.

In response to questions from The Daily Swig, Nico Waisman, head of GitHub Security Lab, explained that the goal of the Octopus Scanner was to insert backdoors into artefacts built by NetBeans, so that the attacker could then use these resources as part of a command and control server.

There was no evidence that the 26 open source projects were actually targeted by the malware, Waisman added.

The malwares primary goal was to infect a developers computer and spread through NetBeans projects. As a consequence of the developers infection, they unintentionally uploaded backdoored code to their repositories.

Software dependencies are pervasive, so its become normal for projects to use hundreds or even thousands of open source dependencies. Attackers are taking advantage of this to craft attacks, Waisman warned.

Although open source is easy for developers, it also means its easy for attackers, Waisman said. Attackers are pursuing supply chain compromises because they can have widespread reach. A single compromise vector gives them access to multiple targets.

Although supply chain compromises like this are scary, they remain rare, Waisman concluded.

The primary issue in supply chain security is unpatched software, Waisman told The Daily Swig. Its much easier for an attacker to take advantage of an unpatched, known vulnerability in a dependency, than to insert a new vulnerability into your code.

For a developer, the primary challenges are then knowing your dependencies, and knowing when they need to be patched. On GitHub, Dependency Graph helps you understand your projects dependencies, he concluded.

YOU MIGHT ALSO LIKE Open source tool searches for leaked secrets in GitHub commits

View post:
How Octopus Scanner malware attacked the open source supply chain - The Daily Swig

The Cloud Native Computing Foundation, the Linux Foundation-based home of open-source projects like Kubernetes, OpenTracing and Envoy, today announced that Dan Kohn, the long-time executive director of the organization, is stepping down, with Priyanka Sharma, the director of Cloud Native Alliances at GitLab, stepping into the general manager role. Kohn will continue to be part of the Linux Foundation, where he will launch a new initiative to help public health authorities use open source software to fight COVID-19 and other epidemics.

Sharma, who once presented in the TechCrunch Disrupt Battlefield competition a startup she co-founded, became part of the overall cloud-native community during her time as head of marketing and strategic partnerships at Lightstep, a role she took in 2016. Her involvement with the OpenTracing project snowballed into a deeper relationship with the CNCF, she told me. Once I joined GitLab, I was fortunate enough to be elected to the board of the CNCF and until the 31st, I am in that role, she told me. That was really helpful, but that gave me the context about how does such a successful foundation and community run what is the governance piece here which, when I was on the community side, I wasnt that involved in.

Kohn had been at the helm of the CNCF since 2016 and guided the project from its early days to becoming one of the most successful open-source foundations of all time. Its bi-annual conferences draw thousands of developers from all over the world. While its marquee project is obviously Kubernetes, Kohn and his team at the foundation put a lot of emphasis on the overall ecosystem. The organizations mission, after all, is to make cloud native computing ubiquitous. Today, the CNCF is home to 10 graduated projects, like Kubernetes, Prometheus, Envoy, Jaeger and Vitess, as well as 16 so-called incubating projects, like OpenTracing, Linkerd, Rook and etcd.

Priyankas contributions toCNCF as a speaker, governing board member, and community leader over the last several years has been invaluable, said Kohn in a statement. I think she is a great choice to lead the organization to its next stage.

Sharma says shell start her tenure by listening to the community. Cloud native has become the de facto standard, she said. Were doing great with regard to technology adoption, growth but as things evolve with the number of people already in the foundation that is on track to be 600 members I think as a community, and there is so much growth opportunity there, we can go deeper into developer engagement, have more conversations around education and understanding of all the projects. Now we have 10 graduated projects not just Kubernetes so theres lots of adoption to happen there. So Im just very excited for the second wave that we will have.

Now that everybody knows that DevOps and containers are, she wants to bring more people into the fold and also look at new technologies like serverless and service meshes. Weve been off to a blockbuster start and now I think we have to mature a little and go deeper, she said.

Its worth noting that current CNCF CTO Chris Aniszczyk will continue in his role at the foundation. The cloud native community has grown leaps and bounds in the last few years as companies look for more flexible and innovative solutions to meet their continuously evolving infrastructure and application needs, he said. As CNCF now reaches nearly 50 projects and 90,000 contributors globally, Im thrilled to have an opportunity to work with Priyanka to cultivate and grow our cloud native community in its next evolution.

Here is the original post:
Priyanka Sharma takes over the leadership of the Cloud Native Computing Foundation - TechCrunch

It is common knowledge in the manufacturing sector of the economy that many of the companies that should have deployed HPC simulation and modeling applications one or two decades ago to help with product design, among other tasks, did not do so. With the lowering of costs of HPC clusters based on X86 processors and the advent of open source software to perform many tasks, this seemed counterintuitive. Perplexing. And very annoying to those who were trying to address the missing middle, as it came to be called.

There are a lot of theories about what went wrong here, but at the very least, even with the lowering of the cost of HPC wares, buying a cluster, managing it, and keeping it busy to therefore justify the substantial investment was tough to rationalize, no matter the potential returns. Then there was the difficulty of sorting out how to make an HPC workflow, consisting of multiple applications hooked together, work well when existing systems designing with scientific workstations and easier to use CAD/CAM tools did the job. And even with the advent of the HPC in the public cloud, HPC machines might be easier to consume, but no one would call them inexpensive.

No one wants a missing middle with machine learning in the enterprise, which is a much broader market to be sure, and that is going to mean democratizing AI as vendors like Dell, Hewlett Packard Enterprise, Lenovo, IBM, and others have been trying to do for years in the HPC space. The good news now is that HPC and AI applications can usually run on the same iron, which allows investments to be amortized over more and more diverse workloads. The breadth of the market everyone has exploding datasets as they hoard data in the hopes of transmuting it into valuable nuggets of information also helps, because at the very least all companies can potentially use AI, whereas not every company can use traditional HPC simulation and modeling.

Dell was founded with the idea of making a decent X86 PC available for a reasonable price, and when Michael Dell formally entered the datacenter in November 1994 with the first PowerEdge machines, the idea was to bring that same commodity X86 philosophy to the glasshouse. And Dell, as much as any other vendor, pushed the X86 agenda hard and benefitted greatly from this, becoming the top server shipper during the height of the dot-com boom in 2001. Suffice it to say, the company knows a thing or two about bringing technologies to the middle and has also pushed up into the high end, particularly with the acquisition of EMC. That acquisition also brought Dell the VMware server virtualization juggernaut, whose software is used by over 600,000 organizations these days and has become over the past dozen years the dominant management substrate in the enterprise. And it is the combination of Dell iron and VMware software that can help shrink that potential missing middle in AI and also speed up the absorption of AI technologies by VMware.

The first step in this making AI real effort by Dell was to get the vSphere 7 virtualization stack, which we previewed back in March, out the door, complete with its Tanzu Kubernetes container orchestrator integrated with the virtual server platform that VMware is best known for. We could argue about whether or not running Kubernetes atop the ESXi hypervisor makes sense, but the point is moot. For a lot of enterprises, who are risk averse, this is how they are going to install Kubernetes because the VMware stack is how they manage their virtual infrastructure and the software that is packaged for it. This is very hard to change, and that is why VMware still has a growing and profitable business, with somewhere around 70 million VMs under management of ESXi and that had somewhere around an $11 billion run rate in the final quarter of fiscal 2020 ended in February, by our estimates. Thats about three-quarters of VMwares business, with another 15 percent being driven by vSAN virtual storage and another 10 percent being driven by NSX network virtualization. Going forward, ESXi will still grow modestly, and by the end of 2022, we expect that it will have an annualized run rate of $11.5 billion in revenues and represent about half of the business, with the remaining half split pretty evenly between vSAN and NSX.

If you wonder why as we often did VMware didnt go ahead with Project Photon and create a clean-slate Kubernetes platform, thats your answer. You dont upset that applecart. But you do try to tell people they can mix oranges and apples.

Ravi Pendekanti, senior vice president of server solutions product management and marketing at Dell said in an announcement today that Dell and VMware were finally working to preinstall the VMware stack on PowerEdge servers, which will make deployment for those enterprises. And that vSphere 7 stack will also include the Bitfusion GPU slicer and aggregator, which VMware acquired last summer, raising a few eyebrows. (But not ours.) The Bitfusion software allows for multiple GPUs in enclosures to be distinct from the servers and virtualized so they can be shared dynamically with servers and also allows for them to be pooled to create larger aggregations of GPU compute for both AI and HPC workloads, as it turns out. This disaggregation and pooling is key because GPUs are expensive and not every workload that can use them can have them installed. That is just way too costly. So having them disaggregated and available in a pool drives up sharing across time and utilization at any specific time, thus yielding better ROI for AI and, for those who need it, GPU-accelerated HPC workloads.

We are essentially doing for the accelerator space what we did for compute several years ago, explained Krish Prasad, senior vice president and general manager of VMwares Cloud Platform business unit, during the announcement today. But we have taken it one step further and have given customers the ability to pool the accelerators.

As an aside: It is a pity that VMware cant do the same thing for CPUs and memory across individual servers, but perhaps it will buy TidalScale and fix that. Anyway, the GPU middleware from Bitfusion, called FlexDirect, doesnt just do aggregation and remote pooling, but also has partitioning capability and without resorting to actually carving up the GPU hardware as Nvidia has done to create the Ampere GA100 GPU, which has slices that can act as one large GPU or eight tinier ones. With Bitfusion, the slices can be as small as 1/20th of the GPU and its memory. It is not clear how large of a pool Bitfusion can see, but in the past it was limited to eight GPUs.

Prasad added that the Bitfusion support with vSphere 7 comes initially on Dell PowerEdge R740 rack machines and PowerEdge C4140 semi-custom, hyperscale style machines. Presumably it will eventually be available on other Dell iron, and indeed on any server that supports VMware.

In the long run, these are all good first steps to getting broad adoption of AI among large enterprises, but there will have to be reference systems with software stacks, which Dell is getting ready for market but which the company did not talk about in detail today. Its the details that matter and that we can all learn from. Some information about the reference architectures can be found at this link, and the one for Bitfusion is interesting. This is a mix of the PowerEdge servers mentioned above plus physical networking:

This more generic reference architecture for virtual GPUs is also interesting.

We do know that these stacks can include the whole Cloud Foundation enchilada of virtualization and management software from VMware ESXi, its vSphere and now Bitfusion extensions, vCenter management, vSAN virtual storage, and NSX virtual networking or for those who want to go barer bones, the vSphere Scale-Out Edition, which has the ESXi hypervisor and vMotion for compute and storage, the vSphere Distributed Switch for virtual networking, and a bunch of management tool add-ons. Ultimately, full AI and HPC application stacks need to have reference architectures, probably in T-shirt sizes so customers can choose quickly, to make this even easier. Prices on these would be nice, too.

Continue reading here:
Avoiding The Missing Middle With AI - The Next Platform

GitHub has revealed that it recently discovered a powerful malware dubbed Octopus Scanner that not only infected devices owned by developers but also infected GitHub repositories and spread to new ones.

On 28th May, GitHubs Security Incident Response Team (SIRT) reported that it was recently alerted by a security researcher about a malware that was spreading itself via infected GitHub repositories. Upon investigating the alert, the SIRT team discovered Octopus Scanner, a malware "designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself."

JJ, the security researcher who alerted GitHub about the malware infection, told the company that as many as 26 GitHub repositories were infected by Octopus Scanner. Any developer who downloaded a project from an infected repository, activated the malware in their own systems. The malware would scan for a NetBeans IDE in developers' devices and if it is installed, the malware would infect every resulting JAR file with a dropper.

Once the dropper payload executes, it spawns a Remote Administration Tool (RAT) which connects to a set of C2 servers, gains control over the device, and prevents new project builds from replacing the infected build in order to preserve its malicious build artifacts.

"While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons," GitHub said.

"In an OSS context, it gives the malware an effective means of transmission since the affected projects will presumably get cloned, forked, and used on potentially many different systems. The actual artifacts of these builds may spread even further in a way that is disconnected from the original build process and harder to track down after the fact.

"Since the primary-infected users are developers, the access that is gained is of high interest to attackers since developers generally have access to additional projects, production environments, database passwords, and other critical assets. There is a huge potential for escalation of access, which is a core attacker objective in most cases," it added.

The Security Incident Response Team also warned that just like the malware was designed to attack the NetBeans build process, similar malware can also be developed by hackers to target other frequently-used build processes such as Make, MsBuild, Gradle and others.

To prevent this from happenning, GitHub is planning to further improve the integrity and security of the OSS supply chain by introducing Dependency Graph, security alerts for vulnerable dependencies, automated security updates as well as code scanning and secret scanning that help detect potential issues in code.

The Octopus Scanner Malware validates the importance of analysing binaries within your code and not taking the word of the manifest. What makes Octopus so dangerous is that it has the capability to infect other JAR files in the project so a developer ends up using and distributing the mutated code to their team or community of open source users, says Brian Fox, CTO at open source software security specialist Sonatype.

Weve seen over 20 one-off attempts at malicious code injection within OSS projects, but this is a new form of attack. This attack infects developer tools that subsequently infect all of the projects they are working on. Its been open season on open source for a number of years, developers are on the front lines, and a new weapon has arrived on the battlefront.

Ive always described this in terms of a tainted food project. If you inspect a salad recipe, youll find all of the common ingredient names (aka the manifest), but quality is not an attribute of the ingredient list. Tainted lettuce wont be listed as an ingredient, but that doesnt mean you wont end up with E. coli when using it, he adds.

ALSO READ:Security flaw in Secure Shells implementation library luckily did not affect GitHub

See more here:
Octopus Scanner malware infected 26 GitHub repositories - TEISS