Industry 4.0 why smart manufacturing is moving closer to the edge – The Register

Sponsored Feature In the first two of three articles on why and how service providers and enterprises are taking advantage of the edge, we outlined edge market growth, and how open source software plays a key role in delivering the data processing advantages of edge working.

We also outlined edge use cases and laid out how pre-configured and validated configurations of Red Hat software for edge deployments were freely available from the open source software vendor through its Validated Patterns reference architectures.

In this third and final piece, we will take a close look at Industry 4.0, and why smart manufacturing is moving closer to the edge, with the help of key industry partnerships.

But first, let's recap the reasons why enterprises are adopting edge infrastructure in increasing numbers.

For many enterprises, it may be more efficient and cost-effective to process data close to where it is needed, at the edge. Edge computing enables quicker decisions because the data is processed and analyzed where it is generated, i.e. not in a remote datacenter or in the cloud. Edge installations also mitigate the intermittent connectivity and network latency issues that remote data processing often entails.

Edge deployments also aid operational resiliency and efficiency. For example, the network capacity costs fall as the amount of traffic generated by the organization is reduced. That can be supplemented by improvements in sustainability and overall energy efficiency, both of which can contribute to meeting strategic carbon neutrality targets. And of course, edge computing allows sensitive or proprietary data to remain within the organization, as opposed to traversing to the cloud.

Open source edge solutions are key to modernizing infrastructure, improving productivity and easing the management of operations, as they better support the integration between services and usually prove to be more scalable and cost-efficient.

This is no different when it comes to the transformation of operations technology environments that is the hallmark of the Fourth Industrial Revolution, often dubbed Industry 4.0. Advances in manufacturing have been driven by the development of various emerging technologies over the last few years.

With Industry 4.0, new technologies are being built into the factory to drive increased automation. The result is potentially a smart factory that can, for instance, benefit from predictive maintenance, as well as improved quality assurance and worker safety.

At the same time, existing data challenges can be overcome. Companies operating across multiple locations often struggle to remove data silos and bring IT and OT (operational technology) together. An edge based on an open hybrid infrastructure can help them do this, as well as solving other problems.

These problems include latency, which is reduced by supporting a horizontal data framework across the organization's entire IT infrastructure instead of funneling data through a centralized network that can cause bottlenecks. Edge computing built on an open hybrid architecture aligned to cloud services can also reduce the amount of mismatched and inefficient hardware that has gradually built up, often in tight remote spaces.

Mark Wohlfarth, Vertical GTM Strategy, Edge Computing at Red Hat, says: "Industry 4.0 is fundamentally about transforming operational technology environments, delivering cheaper and more effective computing, with improved decision-making from better analytics - all from locally deployed sensors deployed at the edge."

He adds: "But to deliver the potential benefits, you need more than just robust infrastructure, you need the full power of the existing OT ecosystem to support the transformation."

In February 2021, Siemens, IBM and Red Hat came together to deliver an open, flexible and more secure solution for manufacturers and plant operators, which drives real-time value from operational data at the edge. In one month, a single manufacturing site can generate more than 2,200 terabytes of data, according to a report from IBM. Yet most of that data usually goes unanalyzed.

Through the joint initiative, Siemens Digital Industries Software is applying IBM's open hybrid cloud approach, built on Red Hat OpenShift, to extend the deployment flexibility of Siemens' MindSphere, an industrial IoT as-a-service offering.

Customers use MindSphere to collect and analyze real-time sensor data from products, plants, systems and machines, in order to drive optimization across production assets, manufacturing processes and products along the entire value chain. The partners said they will enable customers to run MindSphere on-premises at the edge to unlock speed and agility benefits in factory and plant operations.

In November 2021, Intel and Red Hat collaborated to bring Industry 4.0 transformation to smart manufacturing and the energy sector. This combined Red Hat's open source software and Intel's hardware architecture and software tool-sets.

The aim, they said, is to improve the management and performance of industrial control systems (ICS). The target areas include private 5G networks; open manufacturing platforms (OMP); software-defined automation and control functions at utilities, to help reduce the number of devices in substations, for instance; and autonomous mobile robotics (AMR), by integrating customer automation software with an edge server.

By coupling Intel Edge Controls for Industrial (Intel ECI) and Intel Edge Insights for Industrial (Intel EII) with Red Hat open hybrid cloud technologies, said the partners, ICS vendors, hardware providers, software developers and solution providers are being offered a "holistic solution". This spans from real-time shop floor control and artificial intelligence/machine learning (AI/ML) to full IT manageability, through fully integrating OT and IT systems.

Intel has developed a software reference architecture with Intel ECI that creates an open, portable platform to power autonomous operations and support AI/ML models at the edge. This, it says, can be updated "without impacting the reliability or resilience of the organization." Red Hat is helping ICS vendors to integrate Intel ECI into their offerings.

Along with Red Hat Enterprise Linux and Red Hat OpenShift, Red Hat Advanced Cluster Management for Kubernetes and Red Hat Ansible Automation Platform are bundled with the Intel platforms, to provide the management and automation needed to "drive visibility and consistency across the organization's entire domain", says Red Hat.

In the energy sector, for instance, how do you manage edge computing sensors at scale, moving from many thousands of deployments to perhaps millions of them? And, in the remote environments that have to be managed, how do you know that every edge device is even still there?

Oil and gas companies commonly use temperature, flow rate and pressure sensors to aid upstream exploration and production by monitoring the operational status of rigs and wells used in the drilling and extraction process, for example. Connected plungers and liquid level sensors can also improve efficiency by helping to clear the clogged pipes which impede natural gas production.

These firms also have to work out how to patch device vulnerabilities, as well as efficiently install new applications in the field.

Recently, an oil supermajor needed to determine how an operating system (OS) could provide IT capabilities while also solving field-level issues encountered during exploration and production. The IT team also needed to devise a way to load an OS, designed to run in the datacenter, onto smaller devices that live in the field.

Among other considerations, the team looked at how to perform patching, maintain the security of the OS itself, and ensure recoverability. These, and other challenges, would require new approaches, because IT staff could not just walk to a server as they would in a datacenter.

The company turned to Red Hat for help. The Red Hat team then worked with the energy firm to define the necessary components needed to address its needs and achieve its IoT vision.

Furthermore, the partners said they created a blueprint for these improved edge capabilities for the entire oil and gas industry in an open way.

Here, we have shown why smart manufacturing is moving closer to the edge, and how key industry partnerships are allowing it to happen, through an open hybrid infrastructure that ties all data together - to deliver faster, reliable and more comprehensive business insights.

Sponsored by Red Hat.


Open source software and DevOps: What are they, and how can your business benefit? – SmartCompany

Open source software and DevOps: How can your business benefit?


Small and medium enterprises are the lifeblood of Australia's economy. But with digital technologies radically transforming customer expectations and the way business is conducted, SMEs are under increasing pressure to innovate.

Against this backdrop, open source software represents a golden opportunity, offering Australian SMEs a route to innovation and a surefire way to develop extraordinary software and services, inevitably leading to business growth.

The world runs on software, and especially on open source. In fact, 99% of software projects contain an open source component. From hotel bookings to banking, many new applications are built with code that anyone can inspect, modify and enhance. That's because open source software is built and maintained publicly, meaning developers from all over the world can contribute to a single software project.

Put simply, open source is an enabler of innovation, increasing collaboration, enhancing security, optimising software reliability, and improving the quality of your digital services.


OpenMetal Joins the Open Infrastructure Foundation – PR Newswire

VIRGINIA BEACH, Va., April 12, 2022 /PRNewswire/ -- Open source software and community advocate, OpenMetal, is increasing its commitment to open source, building upon an Open Infrastructure Foundation (OIF) membership.

OpenMetal believes it's critical to build in monetary and operational support while delivering benefits such as cost transparency, flexibility, and technology freedom. Now our open source commitment is increasing with the Open Infrastructure Foundation. "We believe in the Open Infrastructure Foundation because the mission is not to monetize their projects by crippling the open source version," Todd Robinson, OpenMetal President continues, "but to provide their full powered projects to the world as is."

Open Infrastructure Foundation's (OIF) goal is to build an open infrastructure for the next decade by solving hard infrastructure problems with larger markets. There are new demands being placed on infrastructure that are being driven by modern use cases such as: containers, AI, machine learning, 5G, NFV, and edge computing. OIF is building a community to write open-source software that addresses these infrastructure markets. The Foundation wants to ensure that the solutions to these demands are developed in the open, using the same transparent and proven approach to open source.

"Foundation members like OpenMetal play a vital role in making community-driven software development work," said Mark Collier, COO of the Open Infrastructure Foundation. "The engagement and active participation of hosted private cloud providers is critical in bringing the voice of bare metal providers into the development roadmap. The support of OpenMetal as a member is a powerful confirmation of the vision and direction of our community, and we're looking forward to their participation in building the next 10 years of infrastructure software."

As a Silver Member, OpenMetal will be an exhibitor at the OpenInfra Summit in Berlin, June 7-9, 2022. Our dedicated team of engineers will be at the event to meet with attendees and offer a live demonstration of how easily accessible we've made On-Demand Private Clouds for customers to deploy within 45 seconds. Save your seat now.

Experience OpenMetal On-Demand Private Clouds for Yourself

Experience the ease and speed of building an OpenMetal On-Demand Private Cloud on OpenStack. Request an online test drive and limited-time trial at: https://openmetal.io/free-trial/.

For more information on OpenMetal, visit https://openmetal.io

LinkedIn: OpenMetal.io
Twitter: @OpenMetal_io
YouTube: OpenMetal
Facebook: OpenMetal.io

About OpenMetal

OpenMetal, a division of InMotion Hosting (IMH), is an infrastructure-as-a-service (IaaS) company delivering cloud and cloud-based technology services that enable easy use of complex open source options to provide greater performance, productivity, and profitability for companies of all sizes. As a strategic member of the Open Infrastructure Foundation (OIF), OpenMetal is committed to empowering individuals by themselves or within teams to meaningfully contribute to the larger open source community to foster innovation that benefits all.

About OpenStack Infrastructure Foundation

The Open Infrastructure Foundation (OIF) builds communities that write open source infrastructure software that runs in production. With the support of over 100,000 individuals in 187 countries, the OIF hosts open source projects and communities of practice, including infrastructure for AI, container native apps, edge computing and datacenter clouds.

Media Contact: Tim Monner, [email protected], 877-728-9664

SOURCE OpenMetal


Truist Joins the Open Invention Network – GlobeNewswire

DURHAM, N.C., April 12, 2022 (GLOBE NEWSWIRE) -- Open Invention Network (OIN), the organization formed to safeguard open source software (OSS) and now the largest patent non-aggression community in history, announced today that Truist Financial Corporation (Truist) has joined as a community member. Truist is the sixth largest U.S. bank by assets and the seventh largest global insurance broker. As a significant user and supporter of open source, Truist is reinforcing its commitment to OSS as an enabler of advanced financial services and mobile banking platforms.

"Banking and insurance platforms increasingly rely on open source technologies to modernize existing systems and build new Fintech-driven capabilities," said Keith Bergelt, CEO of Open Invention Network. "We are pleased that an established financial services leader like Truist is committed to patent non-aggression in core Linux and adjacent open source technologies."

"As we build a better experience for our clients, open source can be a significant innovation enabler for the platforms and applications we build and integrate," said Truist Chief IP Counsel Michael Springs. "We're proud to join the Open Invention Network and support its role in protecting open source software from patent risk."

OIN's community practices patent non-aggression in core Linux and adjacent open source technologies by cross-licensing Linux System patents to one another on a royalty-free basis. Patents owned by Open Invention Network are similarly licensed royalty-free to any organization that agrees not to assert its patents against the Linux System. The OIN license can be signed online at http://www.j-oin.net/.

About Truist

Truist Financial Corporation is a purpose-driven financial services company committed to inspiring and building better lives and communities. Formed by the historic merger of equals of BB&T and SunTrust, Truist has leading market share in many high-growth markets in the country. The company offers a wide range of services including retail, small business and commercial banking; asset management; capital markets; commercial real estate; corporate and institutional banking; insurance; mortgage; payments; specialized lending; and wealth management. Headquartered in Charlotte, North Carolina, Truist is a top 10 U.S. commercial bank with total assets of $522 billion as of June 30, 2021. Truist Bank, Member FDIC. Learn more at Truist.com.

About Open Invention Network

Open Invention Network (OIN) is the largest patent non-aggression community in history and supports freedom of action in Linux as a key element of open source software (OSS). Patent non-aggression in core technologies is a cultural norm within OSS, so that the litmus test for authentic behavior in the OSS community includes OIN membership. Funded by Google, IBM, NEC, Philips, Sony, SUSE and Toyota, OIN has more than 3,600 community members. The OIN patent license and member cross-licenses are available royalty-free to any party that joins the OIN community.

For more information, please visit http://www.openinventionnetwork.com.

Media-Only Contact: Ed Schauweker, AVID Public Relations for Open Invention Network, ed@avidpr.com, +1 (703) 963-5238


An Early Test of The Adams Administration’s Values and Tech Prowess – Gotham Gazette

Participatory government in-person (photo: New York City Council)

In 2019, New Yorkers voted overwhelmingly in favor of establishing a Civic Engagement Commission that would modernize how the city and its residents work together to identify and solve problems at the most local levels. That commission hasn't been earning itself many headlines, but the participation platform it set up at participate.nyc.gov could support world-class civic engagement programs. Whether or not the administration of Mayor Eric Adams uses it to do that will be an early test of its basic competency and technology prowess.

Participate.nyc.gov is much more than a basic government website. It's a deployment of an open source participatory democracy platform called Decidim. First founded in Barcelona in 2016, Decidim is free and open source software used by dozens of municipal governments around the world, including Helsinki, Mexico City, Zurich, and Milan. The software is a successor of Consul, a similar platform that facilitated genuinely innovative and wildly successful crowd-sourced city planning, participatory budgeting, and decision-making in Madrid, Spain.

The idea behind Decidim and Consul is simple: give the public a single, unified, open source platform and standard set of tools for participating in local civic engagement programs. These platforms allow city residents to be organized into different types of districts to have discussions, make proposals, vote on projects, take surveys, and generate the type of feedback that city agencies and elected officials can and should use to understand how best to improve our neighborhoods, city, and government operations.

Since New York City's deployment of Decidim is just beginning to be used in a few City Council districts' participatory budgeting processes, it's difficult to see the platform's potential. To do that, it's best to visit decidim.barcelona (turn on Google Translate if you don't read Spanish) and see how they're using the software. On that site you'll see two main menu items, which translate to Participatory Processes and Participation Bodies, more easily understood as Processes and Spaces.

Processes are civic engagement programs, such as a participatory budgeting cycle, a city planning project review, or a charter revision.

Spaces are groups of people, often divided by their district, operating under a defined set of rules about membership and governance.

By applying processes to spaces, the Decidim system deployed at participate.nyc.gov could host many of the city's existing civic engagement processes immediately, right out of the box, with no need for any expensive custom development.

Here are some examples:

-City Council members and districts could use it for participatory budgeting;

-Community boards could publish news, events, meeting minutes, files, videos, surveys and more, replacing their websites;

-City commissions could replace their websites with Decidim as well, and use its collaborative editing and commenting features to enable residents to attach their ideas and comments to specific language in a document.

Beyond these basics, the system could be used for so much more: to

-host discussions about pending legislation;

-gather feedback about land use issues;

-provide a unified calendar of city agency outreach events;

-facilitate petitioning the city council to introduce legislation.

The list could go on.

All of these new tools and features can frighten politicians and civil servants because they're experts in the current systems for public engagement, and any change could alter the power dynamics that they've become accustomed to and dominate. As such, there is natural resistance to the adoption of different, better platforms and processes. Fortunately, Mayor Adams claims to be tech literate, eager to reform city government, and focused on public participation.

During the mayoral election, Adams pledged to establish MyCity, a single portal for all City services and benefits. One of the key services and benefits the city offers its residents is civic engagement. As such, a unified platform that many different agencies use for civic engagement purposes fits nicely with Adams' vision.

And, as an open source platform built with the popular framework Ruby on Rails, Decidim is a platform that the city can own and run itself, without needing to pay expensive IT consultants or exorbitant licensing fees. Indeed, it's the perfect project for the Digital Service Organization (DSO) the city should have already launched.

Indeed, the participate.nyc.gov system could become an integral component of the MyCity dream. Decidim's login system uses open standards that could and should be integrated with the inevitable user authentication system that is a prerequisite for MyCity. And its data, formatted into configurable open data feeds, can and should flow elegantly into other city information management systems, such as City Record event feeds or City Planning project pages.

To see the true value of Decidim, the Adams administration must develop an understanding of the open source concept that makes it possible. It's hard for many people to understand how sophisticated software like Decidim could be available on the internet to download for free, with no limitations on how or by whom it's used. It seems too good to be true, but it is.

Open source technologies like Linux, WordPress, and Bitcoin get a lot of the headlines, but there are actually hundreds of thousands of open source applications out in the world, and that number is expanding all the time. Most of those applications are components that must be combined with other ones to make a system, but some are full-fledged applications like Decidim.

As I've mentioned in other articles, open source is transforming how governments deliver services all over the world, but New York City's IT bureaucracy and poor leadership have not adopted proven techniques to benefit from these advancements, because powerful special interests make tremendous amounts of money by keeping the city in the technological dark ages.

Companies that run core city software systems like Microsoft, Dell, Tyler, ESRI, Accenture, and others want to keep the city addicted to their proprietary software systems. To achieve that goal, these companies have fused themselves with city agencies like the Department of Information Telecommunications and Technology (DoITT), which are much more comfortable signing expensive software contracts with these companies than they are deploying and managing open source software systems themselves. Meanwhile, city technology executives routinely work at vendors before and after their time in government. The revolving door spins very quickly.

If Mayor Adams develops an understanding of how to effectively use open source software to make the city more efficient, effective, and equal, then there is no limit to the amount he could achieve. He has a great opportunity to start off on the right foot by organizing a DSO unit to manage the open source Decidim software at participate.nyc.gov and aggressively utilize that software to deliver New Yorkers the world-class civic engagement experiences we deserve.

Delivering compelling civic engagement programming through participate.nyc.gov is a great way for Adams to prove he has the technological prowess and genuine desire for reform that he claimed to have during the campaign.

It's time to deliver.

***Devin Balkind is a nonprofit executive, civic technologist, and startup advisor running for Public Advocate as the Libertarian Party nominee. On Twitter @DevinBalkind.


Open Source Software Faces Threats of Protestware and Sabotage – WIRED

A string of sabotage incidents in open source software is reigniting discussions of how to safeguard projects that underpin digital platforms and networks around the world. Many of the recent incidents have been dubbed protestware because they relate to open source developers making code changes to express support for Ukraine amidst Russia's invasion and ongoing attack of the country.

In some cases, open source software has been modified to display anti-war overlays or other messages of solidarity with Ukraine. In at least one instance, though, a popular software package was modified to deploy a malicious data wiper on Russian and Belarusian computers. This wave of protests in open source comes just a couple of months after a seemingly unrelated incident in which a maintainer sabotaged two of his widely used open source projects out of apparent frustration stemming from feeling overworked and under-compensated.

The incidents have been relatively contained so far, but they threaten to further shake confidence in the ecosystem just as the tech industry scrambles to address other software supply chain security issues tied to open source. And while financial support, promises of automated tools, and White House attention are welcomed, the open source community is left in need of more robust, sustained help.

In a statement on Thursday, the Open Source Initiative, which has categorically denounced Russia's war in Ukraine, came out against destructive protestware, imploring community members to find creative, alternative ways to use their positions as maintainers to oppose the war.

"The downsides of vandalizing open source projects far outweigh any possible benefit, and the blowback will ultimately damage the projects and contributors responsible," the group wrote. "By extension, all of open source is harmed. Use your power, yes, but use it wisely."

Open source software is free for anyone to use, so the tools and programs are incorporated into everything from independent projects to mainstream, proprietary consumer software. No one wants to take the time to write and test a component from scratch when they could just plug and play a readymade version. This means, though, that all sorts of software rely on projects that are maintained by one or a handful of volunteers, or on projects that are no longer maintained at all.

A long-touted benefit of open source software is that it has the potential to be just as secure as, or more secure than, proprietary code, because it's open to independent vetting. The idea is that many eyes make for few bugs. In practice, though, this safeguard has limitations precisely because there often aren't a lot of eyes available. The question of sabotage, though, strikes at the heart of open source's premise as a decentralized, unfederated space.

"There's nothing really in place, systemically, to keep incidents of insider sabotage from happening more often," says Dan Lorenc, an open source software supply chain researcher and founder of the security firm ChainGuard. Projects build a reputation over time, and people who are often pseudonymous come to trust each other's digital identities because of the work they've done. There's no global approvers list, and each project has a different culture of how you become an approver, or a developer who is empowered to approve and publish code changes.


The Promise of Open Source Code and the Paradox of ProtestWare – Security Boulevard

The Open Source Software (OSS) community has been split in two after an OSS author repurposed his own library to protest the Ukrainian-Russian war. On March 7, RIAEvangelist released several versions of his node-ipc software package, which has been downloaded millions of times, with some versions reportedly overwriting files on machines presumably located in Russia and Belarus.

About one module, called peacenotwar, RIAEvangelist wrote:

"This code serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist, just to be polite."

His actions, i.e. deliberately sabotaging his own code, have sparked a massive controversy while giving birth to a new surge of protestware, where other hacktivist developers may target Russian-based machines.

The Open Source community was formed on the ideals of improving software, building skills, and empowering change. By that definition, you can argue that RIAEvangelist, whose given name is Brandon Nozaki Miller, is pushing for change. At the same time, however, the community does not tolerate bad actors. Do node-ipc's changes fulfill or neglect the ideals that led to the creation of the Open Source community? That is up to the community to decide.

The node-ipc event has led to the coining of the term protestware, and its aftermath may inspire other developers to follow suit. Russia's largest bank in particular is wary of this, as it has advised its customers to avoid updating computer programs, or insisted that they manually check the source code of any open source project.

If this trend continues, it can lead to a slippery slope, as OSS is supposed to help. Nearly every industry has adopted technology, so the foundations of countless organizations' systems and products run on OSS. If other authors, owners, and maintainers choose to morph their projects into protestware, there is a high chance that many organizations will become collateral damage. And if people cannot trust Open Source, then theoretically the community could fall apart.

Were RIAEvangelist's actions malicious? Depending on who you ask, some might say that there was nothing wrong about his intentions:

Some like the GitHub user above, as well as RIAEvangelist himself, stand by his decision. However, the opinion that most in the community have is that his actions are a massive blow to the credibility and trust of OSS:

A few have also come forward claiming that RIAEvangelist's actions have had direct consequences on their businesses. On March 17, a user claiming to represent an American Non-Government Organization stated that node-ipc allegedly wiped over 30,000 of their messages and files detailing Russian war crimes committed against Ukraine.

While the authenticity of this claim is disputed, it does highlight that IP-based attribution is not reliable. Just because a machine's IP address is located in a certain country, it doesn't mean that the machine is directly controlled by that country. Initiating malware by country code could do more harm than good, impacting Russian or Belarusian organizations that are fully and publicly against the war.

When it comes to Open Source Software, everyone (seemingly) benefits. Technologists get to work on passion projects that they get to control, while also gaining status if it becomes widely used. Hobbyists gain access to code that they might not be able to write themselves, and get to learn from the best in the industry. And for corporations, they get to use (mostly) reliable and tested code for free, saving them considerable time and money.

As such, OSS has become integral to the development process for organizations, allowing development teams to push products to market faster. These days, vendors are releasing products that contain hundreds or even thousands of open source components, and nearly all of them are needed for the product to function properly. This practice has gone on for decades, which has made nearly every industry reliant on OSS code and dependencies, creating a multitude of security concerns.

There are risks when using OSS. For starters, many vendors and organizations aren't keeping track of which OSS components are being used in their products. Indiscriminate consumption of OSS can lead to possible lawsuits if organizations unknowingly use licensed code. But more importantly, not knowing which libraries are bundled makes it near impossible to keep them up to date, or to detect the vulnerabilities inside of them.

Products can inherit vulnerabilities contained in OSS code, and if exploited, these issues can give malicious actors an open door into even the largest organizations. In addition to vulnerabilities, other third parties could attempt to add malicious updates, or try to typo-squat, tricking organizations into downloading fake versions of popular libraries.

In terms of tampering, node-ipc did two things. The first is overwriting files on Russia- and Belarus-based machines, and the second is the peacenotwar package. For detailed information on each version, check out Risk Based Security's original post. However, the most important takeaway is that current versions of node-ipc do not overwrite files.

If situations like the Node-ipc incident were to become common, organizations would have three options:

By and large, this is the current state of Open Source security, and if you want proof, you'd only have to look at Struts-Shock, Heartbleed, and Log4Shell. All of these were OSS vulnerabilities that had major impacts on organizations. And despite some of these issues existing for years, undiscovered in open code, most organizations still choose to indiscriminately consume open source components.

Enterprises should at least create a Software Bill of Materials (SBOM) to keep tabs on the various OSS components being used in their deployed software. Doing this will help their security teams track vulnerabilities affecting third-party libraries and dependencies. It can also help prevent developers from falling for typo-squatting attempts.

However, this won't do much in situations in which the perpetrator is the author, owner, or maintainer of a third-party library. There are a few examples of authors deleting or sabotaging their own code due to burnout or being wronged in some way. And when this happens, it can create chaos, potentially giving malicious actors an opportunity to capitalize.

To lessen the impact that one developer can have, organizations may want to consider forking the OSS libraries they use and maintaining them internally moving forward. Although this is likely the best option in some cases, it will require an SBOM and a significant amount of resources.

One product often contains hundreds of bundled libraries, so depending on how much software is deployed, this will likely be an enormous undertaking. Few organizations can dedicate personnel to accomplish this, and even if they tried, there are too many libraries for one team to track and monitor. If some organizations are having trouble checking release notes, it is very likely that they will not be able to take the time to audit newly released code.

This method requires the most time and resources and will likely never happen for many organizations. There is a reason why organizations choose to use OSS for their products. Production cycles have become incredibly short and are very demanding. Adding more custom code that performs critical functionality makes this more difficult. As such, reliance on OSS will never cease.

Maybe node-ipc will be the watershed moment that makes organizations realize the risks that OSS can introduce. That is uncertain, but what is certain is that the work done by technologists often goes unthanked. Whenever something goes wrong with third-party libraries and dependencies, those who aren't in the know tend to place the blame directly on the project.

We don't often think about the scope of most OSS projects. According to a report, many of the top 500 most used free and open-source software projects are listed under a single developer's personal account. Most OSS is written and maintained by one enthusiast or a small group of them in their spare time, so is it fair to hold them accountable for the security of thousands of organizations? These are usually unpaid passion projects, and if things go wrong they have to fix it off the clock.

Just as CVE wasn't intended to be the vulnerability bible, OSS wasn't supposed to be massively consumed by corporations. To avoid the ramifications of a developer going rogue, organizations should take ownership of their own security. And to do that, they will need to take SBOMs seriously and use quality vulnerability intelligence to understand the cost of ownership for the products they deploy.

In order to detect risk in Open Source Software and dependencies, organizations need quality vulnerability intelligence. Flashpoint tracks and monitors thousands of third-party libraries. Sign up for a free trial and learn more today.

The post The Promise of Open Source Code and the Paradox of ProtestWare appeared first on Flashpoint.

*** This is a Security Bloggers Network syndicated blog from Blog Flashpoint authored by Jonathan Zalman. Read the original post at: https://www.flashpoint-intel.com/blog/the-promise-of-open-source-code-and-the-paradox-of-protestware/


Software Composition Analysis Market to Witness Massive Growth by 2029 | Open Source Software, Oracle, Smartbear Software – Digital Journal

The Software Composition Analysis Market research report provides all the information related to the industry. It gives an outlook of the market, providing clients with authentic data to support essential decisions. It gives an overview of the market, including its definition, applications, developments and manufacturing technology. This Software Composition Analysis market research report tracks all the recent developments and innovations in the market. It gives data on the obstacles to establishing a business and guidance on overcoming upcoming challenges and obstacles.

The global Software Composition Analysis Market is expected to grow at a significant CAGR of 19.69% by 2029.

Software Composition Analysis (SCA) is an automated technique for determining which open-source software is included in a codebase. The purpose of this analysis is to assess security, licensing compliance, and code quality. Open-source license limitations and obligations must be understood by businesses. Manually tracking these obligations became too time-consuming, and code and its associated vulnerabilities were frequently ignored. SCA was created as an automated solution, and it was expanded beyond this original use case to assess code security and quality. SCA has revived the shift-left concept in a modern DevOps or DevSecOps environment. Earlier and continuous SCA testing has enabled developers and security teams to drive productivity without compromising security and quality.
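The SBOM advice in the Flashpoint piece above and the SCA description here both come down to the same three checks: inventory the bundled components, compare them against known advisories, and catch names that are not the library you meant to install. The script below is an added example, written for this page and not code from Flashpoint, a2z Market Research or any of the vendors named; it builds an SBOM-style inventory from a constructed npm lockfile, then runs those checks. The lockfile, the advisory entry (ADV-EXAMPLE-1), the package names and the allow-list are all constructed placeholders, not real packages or real advisories.

```python
"""Minimal software-composition check: build an SBOM-style inventory from an npm
lockfile, then flag known-vulnerable versions, unapproved or look-alike names,
and disallowed licenses. All sample data below is constructed for this example."""
import json

# Constructed sample lockfile (npm lockfileVersion 2 layout); not a real project.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/left-pad-utils": {"version": "1.2.3", "license": "MIT"},
        "node_modules/colorz": {"version": "4.0.1", "license": "MIT"},
        "node_modules/netlib": {"version": "2.1.0", "license": "GPL-3.0"},
    }
})

# Constructed advisory feed: affected range is [introduced, fixed). Placeholder id.
SAMPLE_ADVISORIES = [
    {"package": "netlib", "introduced": "2.0.0", "fixed": "2.1.5", "id": "ADV-EXAMPLE-1"},
]

# Constructed allow-list of package names the organization has reviewed and approved.
APPROVED = {"left-pad-utils", "colors", "netlib"}


def parse_version(v):
    """Turn '2.1.0' into (2, 1, 0) so ranges can be compared; non-numeric parts count as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def inventory(lockfile_text):
    """Build an SBOM-style component list from the lockfile's 'packages' entries."""
    lock = json.loads(lockfile_text)
    components = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the "" entry is the root project itself, not a dependency
            continue
        name = path.split("node_modules/")[-1]  # last segment handles nested node_modules
        components.append({"name": name,
                           "version": meta.get("version", "unknown"),
                           "license": meta.get("license", "unknown")})
    return components


def find_vulnerable(components, advisories):
    """Match each component against the advisory feed by name and version range."""
    hits = []
    for c in components:
        v = parse_version(c["version"])
        for a in advisories:
            if (c["name"] == a["package"]
                    and parse_version(a["introduced"]) <= v < parse_version(a["fixed"])):
                hits.append((c["name"], c["version"], a["id"]))
    return hits


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character look-alikes of approved names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_unapproved(components, approved):
    """Names missing from the allow-list; a near-miss of an approved name is a typosquat suspect.
    Returns {name: closest_approved_name_or_None}."""
    result = {}
    for c in components:
        if c["name"] in approved:
            continue
        near = [p for p in sorted(approved) if edit_distance(c["name"], p) <= 1]
        result[c["name"]] = near[0] if near else None
    return result


def find_license_conflicts(components, denied):
    """Components whose declared license is on the organization's deny-list."""
    return [(c["name"], c["license"]) for c in components if c["license"] in denied]


if __name__ == "__main__":
    comps = inventory(SAMPLE_LOCKFILE)
    print("SBOM:", comps)
    print("Vulnerable:", find_vulnerable(comps, SAMPLE_ADVISORIES))
    print("Unapproved / look-alike:", find_unapproved(comps, APPROVED))
    print("License conflicts:", find_license_conflicts(comps, {"GPL-3.0"}))
```

The inventory step is the SBOM; everything after it is only possible because that list exists, which is the point the Flashpoint piece makes about organizations that cannot say which libraries they ship. The look-alike check is deliberately narrow (edit distance of one against an allow-list) because a broader heuristic produces noise; real SCA tooling replaces the constructed advisory list with a maintained vulnerability feed.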


Competitive landscape:

This Software Composition Analysis research report throws light on the major market players thriving in the market; it tracks their business strategies, financial status and upcoming products.

Some of the top companies influencing this market include: Open Source Software, Oracle, Smartbear Software, Tricentis, Veracode, Xamarin, IBM, Micro Focus, Synopsys, Soasta, CA Technologies, Sonatype, Cygnet Infotech, WhiteHat Security

Market Scenario:

Firstly, this Software Composition Analysis research report introduces the market by providing an overview which includes definition, applications, product launches, developments, challenges and regions. The market is forecast to show strong development, driven by consumption in various markets. An analysis of the current market designs and other basic characteristics is provided in the Software Composition Analysis report.

Regional Coverage:

The region wise coverage of the market is mentioned in the report, mainly focusing on the regions:

Segmentation Analysis of the market

The market is segmented on the basis of type, product, end users, raw materials, etc. The segmentation helps to deliver a precise explanation of the market.

Market Segmentation: By Type

On-Premises, Cloud

Market Segmentation: By Application

BFSI, Government and Defense, Telecom and IT, Retail and Ecommerce, Healthcare, Manufacturing, Automotive, Others


An assessment of the market attractiveness with regard to the competition that new players and products are likely to present to older ones has been provided in the publication. The research report also mentions the innovations, new developments, marketing strategies, branding techniques, and products of the key participants present in the global Software Composition Analysis market. To present a clear vision of the market the competitive landscape has been thoroughly analyzed utilizing the value chain analysis. The opportunities and threats present in the future for the key market players have also been emphasized in the publication.

This report aims to provide:

Table of Contents

Global Software Composition Analysis Market Research Report 2022-2029

Chapter 1 Software Composition Analysis Market Overview

Chapter 2 Global Economic Impact on Industry

Chapter 3 Global Market Competition by Manufacturers

Chapter 4 Global Production, Revenue (Value) by Region

Chapter 5 Global Supply (Production), Consumption, Export, Import by Regions

Chapter 6 Global Production, Revenue (Value), Price Trend by Type

Chapter 7 Global Market Analysis by Application

Chapter 8 Manufacturing Cost Analysis

Chapter 9 Industrial Chain, Sourcing Strategy and Downstream Buyers

Chapter 10 Marketing Strategy Analysis, Distributors/Traders

Chapter 11 Market Effect Factors Analysis

Chapter 12 Global Software Composition Analysis Market Forecast



Why now is the time to host your code in the cloud – TechRadar

Cloud adoption is rocketing. Businesses of every size, in every sector, are switching on to the undoubted benefits of hosting applications, services and code in the cloud. The pandemic has expedited the trend, with organizations forced to rethink their IT operations and infrastructure virtually overnight. So much so that Gartner estimates that global end-user spending on public cloud services is set to grow by more than 18 per cent in 2021 to $304.9 billion, not least due to the upheaval in working processes caused by Covid-19.

About the author

Kai Hilton-Jones is the Director of Enterprise Solutions Engineering EMEA at GitHub.

One of the central forcing factors for enterprises to make the shift to the cloud is that being cloud-based makes it easier to fully unlock the power and potential of open source software development.

Open source has become synonymous with innovation because it helps developers collaborate and build better software, faster. It hinges on a culture of collaboration and shared values. Through the cloud, enterprises are able to tap into the full open source community and benefit from the expertise of an army of skilled developers. Businesses gain more ways to share code, best practices, and expertise. GitHub's 2021 State of the Octoverse research indicates that developer team performance can increase by as much as 87 percent when reusing code.

Crucially, cloud-based businesses are in pole position to attract and retain ambitious developer talent. Developers thrive on a shared culture where they are able to constantly learn, evolve and test themselves. Creating a positive developer experience inevitably means different things depending on the context. It might encompass the experience developers inside an organization have building software, how developers outside an organization interact with external tools like API keys, and just about everything in-between. But however you define it, empowering developers by delivering them the best environment to work to their full potential - eliminating barriers and making the process as smooth as possible - attracts the most talented and ambitious developers. And it accelerates the pace of innovation in the process.

As the impact of the developer experience on the speed of innovation becomes clearer than ever, businesses around the world are striving to create the optimal conditions for developers so they can make the most of their passion and skill. A cloud environment - with cloud-hosted code - is significantly better suited to provide that positive developer experience.

Developers also want the benefits of distributed work. Covid-19 has prompted a working revolution, with more than three-quarters of global office workers wanting to continue working from home after Covid-19. Our own research shows that just 11 percent of developers expect to return to a co-located workplace - a major drop from the 41 percent who previously worked in an office. By definition, cloud environments are significantly better placed to allow developers to work how and where they want.

Security is also another factor. Companies are shifting to the cloud in no small part because they no longer want to have to manage the infrastructure required to self-host security solutions, especially given cybersecurity requirements are constantly evolving. A cloud environment offers them the ability to work with vendors to host solutions for them, which can reduce costs, increase available resources, eliminate upgrade downtime and boost scalability and performance.

Developers are also then able to use the cloud to unlock the full benefits of DevSecOps - effectively baking security into all stages of software development rather than tacking it on at the end of the process. DevSecOps ushers in a developer-first approach, where developers are empowered to identify and fix vulnerabilities as they are discovered, so they don't enter the production cycle. It hinges on a cultural shift to break down silos between engineering and security teams - and the cloud is, inevitably, crucial to implementing that shift. Underpinned by the cloud, security becomes a community responsibility, and the upshot is that more reliable software is shipped, more quickly.

That cloud adoption is growing is not up for debate. But what is sometimes overlooked is that some enterprises remain reluctant to migrate their setups to the cloud, missing out on the transformative role of the cloud - and the full potential of open source.

Traditionally, organizations have cited challenges with security, GDPR, proximity and data privacy protocols as reasons for hosting their servers and systems on premises. In the face of these barriers, it is perhaps understandable that some choose to take the path of least resistance. However, these oft-cited concerns are being met with solutions, and the direction of travel is changing.

Migrating to the cloud is not a small step. There will always be obstacles, but the traditional barriers are entirely surmountable, as the exponential growth in cloud adoption is testament to. Organizations require a shift in mindset that focuses on what they gain from the cloud in the long term. Fostering a culture of innovation has become a priority, and in particular equipping developers with the services and tools they require. In today's innovation economy, businesses that host their code in the cloud are giving themselves a significant advantage.


Those looking for clues to Googles search demise are asking the wrong question – TechRepublic


'Tis the season for wishful thinking about toppling Google's search business, I guess, because over the past week several sources have popped up to ask, "Why isn't there a Google competitor emerging?" The answer, of course, is that there is a viable competitor to Google. As I've written, DuckDuckGo has been booming of late, though its booming hasn't translated to bust for Google. Far from it. By any measure (like StatCounter's), Google dominates search on the Internet.


Yet people feel compelled to ask, "If Google sucks then why is everyone still using it?" The answer to that, dear reader, has implications well beyond Google, or search, and has everything to do with convenience.

By some accounts, Google search has somehow deteriorated in quality. Never mind that quality will always be somewhat subjective. In the article linked above, Daniel Gross tries to parse how users are apparently adding search modifiers now to make Google search results more relevant. (As an example, I sometimes add the "-" modifier to tell Google I don't want results on Banbury Cross, the place made famous in a nursery rhyme, and instead just want results on Banbury Cross, the best doughnut shop in Utah.)

Gross and others think that modifying Google's search for different sites like Reddit offers clues to users wanting more specific search that helps them answer more complex, long-tail queries. "Something's broken, and a tiny share of Google is open for the taking," he wrote. A tiny share of Google is, of course, worth a lot of money, as DuckDuckGo has discovered. But it's still not pointing to a big problem in little searches.

Similarly, other commentators suggest that "People are increasingly asking the questions that really matter in their Facebook and WhatsApp groups, Twitter, Discord and Slack communities, etc." But then they resolve their question ("If Google sucks then why is everyone still using it?") by pointing out Google delivers on the bulk of search queries: "It does not matter that results are bad in the tail (complex but rare queries) because it makes for a small percent of total queries, and most users form search habits based on head queries, which Google is exceedingly good at."

As for those modifiers (like searching a specific site), some note that "Despite the fact that 90% of my searches for 'WTF does this stacktrace mean?' end up on StackOverflow, I invariably start my search on Google because every now and then it gives me useful non-StackOverflow tidbits, and I know I can always drill in more with specific tags on StackOverflow later." It doesn't help that Google's search of such specific sites is generally better than the sites' own search.

All of which starts to feel like people are searching for answers to a question that has been answered for years: Why do people persist in using Google (or some other product)? Because it's good enough (and convenient). Ah, convenience. Redmonk's James Governor once declared that "Convenience is the killer app." He was right then. He's right now.

If your question is "If Product/Service X is bad, why does everyone use it?", it's arguably a bad question. The question should really be "Why does everyone use X?" There may be all sorts of reasons that you wish they wouldn't, but good answers don't emerge from wish fulfillment.

Take open source, for example.

I've worked in open source since 2000, when I joined an open source software startup, Lineo. Getting into open source wasn't a conscious decision of mine (it was a serendipitous summer internship that has lasted 22 years), but staying in it has been. During this time, it has seemed obvious to me that customers would want to choose open source alternatives to Microsoft, Oracle, and [insert name of big proprietary incumbent]. Microsoft Office? Yep, I've raged against that machine. Ditto Windows, Oracle databases, etc.


And yet, billions of dollars later, people still happily use Office, still run Windows, still use Oracle, etc. Even AWS, which had strong technical (and marketing) reasons for moving off Oracle, spent over a decade trying to get off (and finally succeeded). Why? Because it was inconvenient to move.

Which is why profound, industry-wide changes sometimes start with small choices made by individual developers. Those changes may not upend decades of Office adoption, for example, but they can create new patterns of convenience. (I and others prefer using cloud-based Google Docs, for example, as my office productivity suite.) Similarly, Microsoft still prints billions from its Windows Server business, but developer demand for Linux has prompted it to offer Linux on its Azure cloud service. Will this spell the death of Windows that I once thought imminent? Probably not, because it will remain convenient for many organizations to keep running Windows, perhaps for decades.

Which may ultimately answer those original questions about Google and search. Those looking to topple Google will almost certainly fail. Markets are rarely won by head-on collisions between opposing forces. Convenience militates against such confrontations. But will new patterns of convenience emerge that siphon away search energy toward different platforms, perhaps in ways that don't sound like search at all? Perhaps.

Put through an enterprise software lens, years ago I could have saved myself some righteous indignation at the persistence of legacy technologies by instead noticing new patterns of developer convenience. Such patterns clearly showed developer desire for more autonomy, which led to open source and cloud. In the process, a process that has taken decades, they have dramatically changed how we buy software, and from whom. Here's to decades more of the same.

Disclosure: I work for MongoDB but the views expressed herein are mine.
