4 trends spurring the evolution of network hardware – TechTarget

For years, vendors have dictated innovations in networking. They developed and manufactured their own chips, appliances and network designs, and enterprises consumed what they produced.

Because of this traditional vendor-driven process, many enterprises got stuck with networks that were difficult to adapt and modernize, said Dinesh Dutt, engineer, book author and co-founder of Stardust Systems, a network observability company with a focus on open source software.

Recent networking innovations have battled the vendor-heavy model, pushing for open networking and scalability. While most of the prevalent developments have emerged in software, Dutt said the industry is also seeing an evolution in network hardware.

The major network hardware trends target changes in the following areas:

Some of the battles have already been won -- such as the rise of merchant silicon -- but Dutt said the outcomes of others haven't played out yet.

The use of merchant silicon for packet forwarding has largely become an industry standard, emerging from what was once a small trend.

Not long ago, networking vendors made their own chips and ran them on proprietary hardware. But those same vendors now often rely on merchant silicon in the form of commodity switching chips from companies like Broadcom and Marvell.

Arista, for example, built its business on a merchant silicon model, instead of "designing and building its own switching chip," Dutt said. Companies like Arrcus, DriveNets and Volta Networks have also based their business models around merchant silicon and white box networking.

Some networking vendors have even introduced their own merchant silicon. In 2019, Cisco announced its Silicon One chip that supports white box switches, in addition to its own hardware.

Dutt compared the rise of merchant silicon to the evolution of watches from Rolexes to commodity watches. At one time, a person had to buy an expensive Rolex watch in order to have a working watch. But, now, anybody can buy a cheap watch that tells the time accurately.

In the same way, he said, less expensive commodity chips have replaced traditional packet forwarding hardware, such as application-specific integrated circuits and processors. These chips are not only cheaper, but offer enterprises a broader range of options and flexibility in their network designs.

A related trend to merchant silicon is the development of smart network interface cards (NICs), functional accelerator cards (FACs) and data processing units (DPUs). These chips take on additional functions -- such as computing, routing, storage and firewalling -- to negate some of the processing load on servers.

Cloud providers have primarily led the charge with smartNIC adoption, benefiting from the opportunity to optimize computing and bandwidth costs on such a massive scale, Dutt said. Enterprises, however, usually don't have the same level of scale and wouldn't benefit as much from smartNIC adoption.

"SmartNICs are great at offloading," Dutt said. "The question becomes at what scale, at what performance and at what cost?"

That said, some analysts expect enterprises to find value in smartNICs, FACs and DPUs as more use cases emerge. In its 2020 "Hype Cycle for Enterprise Networking," Gartner listed FACs at the beginning of the cycle, likely to reach the "plateau of productivity" in five to 10 years. Gartner said it expected enterprise adoption to grow at a compound annual growth rate of 115% by 2024.

Most networking vendors have an appliance-driven ecosystem. As a result, enterprises have based their network designs and management around the appliances they've deployed and the specific configurations for them, rather than on their business requirements, Dutt said.

"Enterprise network operators not only learned how to type a command on a box, but they also learned network design from those same vendors," Dutt said. "This meant that the certifications issued were all structured around the strengths of a box rather than general network principles."

Instead, he added, vendors should move away from appliance models and focus more on providing a platform.

White box switches could help introduce a more platform-driven strategy. With white box switching, enterprises can buy commodity appliances that don't have pre-loaded OSes, enabling them to choose the network OS they prefer. Network teams could better customize their network designs for the applications they need to support and reduce Capex.

But white box adoption has lagged among enterprises, largely due to integration complexity and familiarity with legacy vendors. In some ways, the customization that white boxes offer acts as a deterrent because some enterprises don't know which OS to deploy or instead prefer brand names they recognize.

Another networking appliance trend Dutt mentioned is the move away from large, chassis-based switches to fixed form factor switches. Sometimes called pizza boxes because of their shape, these switches are small, flat and stackable. They are also easier to troubleshoot in the event of failure.

"Those fixed form factor switches have much simpler failures and are cheaper to buy and replace than the single monolithic software that was chassis," Dutt said. Because of their smaller size, fixed form factor switches can help reduce an organization's footprint, overhead and power consumption.

White box switching can't be successful without the ability for enterprises to choose which OS they want to manage their network hardware. OSes have experienced changes of their own, due in part to an industry push for interoperability and open networking.


Over the past few years, many organizations have worked to develop open source network OSes (NOSes) that can help reduce dependence on proprietary hardware. One example Dutt cited was the Software for Open Networking in the Cloud project, originally from Microsoft. Some networking vendors and startups have also tried to popularize open source NOSes, he said.

Despite the industry's move to support more NOS options, open source OSes face similar battles that white box switching has encountered, such as complexity and lack of support. And the fates of white boxes and open OSes are tied together.

"The lack of a NOS for white boxes hobbles the ability to consume a white box," Dutt said. For both to gain traction, Dutt said they require the same design shift from an appliance model to a platform model.

Ultimately, network appliances and OSes won't work if they aren't connected. Wireless and cellular connectivity have seen the development of Wi-Fi 6 and 5G, and enterprises have started deploying both in their LANs and WANs.

But data centers can't use wireless for connectivity; instead, they need network cables. While network cabling has remained relatively quiet in terms of emerging trends, some changes have occurred, Dutt said.

Traditionally, when enterprises bought hardware from certain vendors, they also had to buy matching cables from the same vendor. But, just as network appliances and OSes have seen a shift toward openness and vendor-agnostic options, it's increasingly possible for enterprises to buy cabling from other providers.

"Originally, if you bought hardware from Cisco, you had to buy cabling that only Cisco provided," he said. "Now, it's not hard for you to find hardware from Cisco but cabling from Finisar directly."

With various changes in networking, enterprises might find it difficult to know which upgrades to make or how to design a new network.

Dutt advised enterprises to prioritize the following steps when considering network hardware changes:

Ultimately, Dutt encouraged enterprises to start simple.

"Go back to the basic principles," Dutt said. "Consider network design independent of vendors. Consider a network design that is specific to your applications. And work with the server team rather than sitting across the table from them."


Today we offer our CoWin platform to the entire world free, and have made it open source software: PM at Sydney Dialogue – United News of India


AIA Group and The Hong Kong Jockey Club Announced as Winners of the Red Hat APAC Innovation Awards 2021 for Hong Kong – Business Wire

HONG KONG--(BUSINESS WIRE)--Red Hat, Inc., the world's leading provider of open source solutions, today announced the winners of the Red Hat APAC Innovation Awards 2021 for Hong Kong. AIA Group and The Hong Kong Jockey Club were honored today for their inspiring digital transformation journey and innovations using Red Hat solutions.

Open source continues to be an innovation engine for Asia Pacific enterprises by helping them modernize infrastructures, develop applications, and transform digitally. According to Red Hat's recent State of Enterprise Open Source report, 92 percent of the region's IT leaders are using enterprise open source today, above the global average of 90 percent.

This year, the Red Hat APAC Innovation Awards recognized the technological achievements of 24 organizations in the region for their creative thinking, determined problem solving and innovative use of Red Hat solutions.

The winners were selected based on the impact of their Red Hat deployments to support business goals and company culture, industry, communities, as well as the uniqueness of vision for the project. They displayed how open source tools and culture have helped them to improve productivity, agility and cost savings while empowering them to address future challenges and emerging trends more confidently and effectively.

Winners were recognized in five categories: digital transformation, hybrid cloud infrastructure, cloud-native development, automation and resilience.

Category: Automation
Winner: AIA Group

Headquartered in Hong Kong, AIA Group is the largest independent publicly listed pan-Asian life insurance group. With a presence in 18 markets across Asia, it serves the holders of more than 39 million individual policies and over 16 million participating members of group insurance schemes in the region.

AIA is on a journey of digital transformation. The company is upgrading its technology to world-class modern architecture and systems and making targeted investments in digital enablement tools. It is also embedding data analytics into its business. Altogether, the transformation is enabling AIA to significantly enhance the experience of its customers, distributors, partners and employees. Using Red Hat Ansible Automation Platform, AIA has automated its infrastructure deployment and configuration processes and has seen a significant improvement.

Category: Automation
Winner: The Hong Kong Jockey Club (HKJC)

Founded in 1884, The Hong Kong Jockey Club is a world-class racing club that has a unique integrated business model comprising racing and racecourse entertainment, a membership club, responsible sports wagering and lottery, and charities and community contribution.

Through this model, HKJC generates economic and social value for the community and supports the government in combating illegal gambling. HKJC is Hong Kong's largest single taxpayer and one of the city's major employers. Its Charities Trust is also one of the world's top ten charity donors.

The Hong Kong Jockey Club wished to remediate legacy issues to enhance efficiencies, as well as save time and costs on repetitive tasks, in order to focus on providing the best possible customer service.

With Red Hat Consulting and Red Hat Training, HKJC documented and categorized almost 300 workflows, allowing them to identify areas where efficiencies can be improved. HKJC then deployed Red Hat Ansible Automation Platform to automate its workflows, freeing up valuable time for employees to focus on higher-value tasks such as customer service.

Its new, standardized environment has helped HKJC streamline processes and better allocate manpower to ensure all workflows are kept up to date. With more time to focus on innovation and customers, the business was able to increase customer satisfaction. Furthermore, new employees are now able to adapt to and follow proper workflows to maintain efficiency.

Provisioning of virtual environments now takes less than three days as compared to more than two weeks. The automation of routine work allowed developers to spend more time on development and less time on deployment.

HKJC also took the opportunity to promote its open culture within the organization. Teams involved in the project now have a better understanding of different workflows across departments, which will facilitate communication and collaboration and ultimately catalyze innovation and build business resilience.

The Automation category highlights projects that most successfully automated processes, workflows, tasks and IT operations to rapidly implement innovative and disruptive technologies and practices.

Supporting Quotes

Marjet Andriesse, vice president and general manager, APAC, Red Hat
"2021 continues to be a year of uncertainty but Asia Pacific organizations are using open source rapidly and effectively to create more business possibilities with digital transformation. They are leveraging technologies like hybrid cloud, data analytics, and edge computing to meet changing market landscapes and enhance customer experiences. Congratulations to this year's winners, and we hope that Red Hat's open source solutions will continue to help address the many real challenges our customers face today, and unlock the future for business in Asia Pacific."

Marcel Malan, head of Group IT Operations, AIA Group
"Technology is core to AIA's strategic ambitions to provide a leading customer experience, build unrivalled distribution and deliver compelling propositions to our customers, agents and business partners. Leveraging the use of Cloud and automation solutions, we are making a step change in building our technology, digital and analytics capabilities to drive agility across our operations and meet our customers' evolving needs."

Neil Whiteing, director, IT Operations, Systems Assurance & Shenzhen Technology Center, Hong Kong Jockey Club
"As a world-class racing club, efficiency and enterprise-wide collaboration are necessary to move forward in our digital transformation journey to better serve our community. Working with Red Hat has allowed us to identify and rectify pain points and areas for improvement in our processes, while also improving interdepartmental communication, enabling us to focus on innovation and customer service."

About Red Hat, Inc.

Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company's current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.

###

Red Hat, the Red Hat logo, and Ansible are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.


Linux Foundation’s Open Source Climate Welcomes Airbus, EY and Red Hat – PRNewswire

SAN FRANCISCO, Nov. 2, 2021 /PRNewswire/ -- The Linux Foundation's OS-Climate has announced that Airbus and EY have joined its cross-industry coalition seeking to accelerate the global transition to net zero through open data and open source decision-making tools for companies, investors, banks, and regulators. This follows the news in September that Red Hat (an IBM company) had joined and is contributing a world-class team of data scientists and developers to build the OS-Climate platform. Also announced is Airbus' contribution of a scenario analysis modeling platform to analyze the clean energy transition.

"Every corporation and financial industry player is faced with major decisions that must quantitatively factor in scenarios of physical climate impacts and of the economic transition to net zero," said Nicolas Chretien, Head of Sustainability & Environment at Airbus. "The aerospace industry, like many other sectors, is engaged in a transition which involves a deeper reorganization of its ecosystem. As such, it requires effective data and tools to better understand, assess and model interdependencies linked to climate risks and opportunities. I encourage other companies to join us, especially those who, like us, are committed to foster climate transition through innovation."

"Many promising governmental and business efforts are underway to drive climate-aligned finance and investment," said Steve Varley, Global Vice Chair Sustainability, EY. "We believe OS-Climate's transparent governance, enablement of large-scale multi-stakeholder collaboration, and exceptional community of contributors will be a game-changer at this moment of urgency. EY teams are looking forward to collaborating."

"Overcoming the complex data and analytics barriers to scaling up investment in clean energy and resilience is more than any one company or firm can achieve alone. We are delighted that Airbus and EY are bringing their formidable capabilities to jointly build the common, pre-competitive foundation of technology and data that the entire business and finance community needs, and on top of which they can more quickly innovate and compete," said Truman Semans, Executive Director of OS-Climate.

OS-Climate is a collaborative, member-driven, non-profit platform hosted by the Linux Foundation for the development of open data and open source analytics for climate risk management and climate-aligned finance and investing. Membership has more than tripled since September 2020 from initial founders Allianz, Amazon, Microsoft, and S&P Global to include Premium Members BNP Paribas, Goldman Sachs, and KPMG, and General Members Federated Hermes, London Stock Exchange Group, the Net Zero Asset Owner Alliance, Ortec Finance, and Red Hat (an IBM company).

OS-Climate's Data Commons and Analytics will accelerate investment in low-carbon and resilient infrastructure for power generation, petrochemicals, manufacturing, buildings, and municipalities, as well as energy-intensive products such as aircraft and other transportation vehicles. The platform will also accelerate development of innovative financial products to better channel capital into these areas.

Airbus Makes a Major Contribution with an Open Source Modeling Platform to Accelerate the Clean Energy Transition

Since Airbus knows the power of open source collaboration as a force multiplier and accelerator of technical solutions to complex problems, it is open-sourcing a modeling platform, developed to better understand the clean energy transition in the aviation industry. Working together with other OS-Climate members and partners in the academic community on Integrated Assessment Modeling and other fields, Airbus aims to expand this to enable climate-smart decisions across many other industries.

Jim Zemlin, Executive Director of The Linux Foundation, said, "We are very pleased that an open source-savvy company like Airbus is contributing not only its valuable intellectual property but also a 15-person team of modelers and engineers as well as its experience in projects including Linux Foundation's Hyperledger." Zemlin added, "With a flurry of initiatives claiming to be 'open source,' it's essential for everyone in the climate space to watch for 'openwash' and combat the trend of locking up intellectual property that could best accelerate climate solutions through open collaboration."

EY Brings Unique Strengths to the OS-Climate Community

"The Climate Biennial Exploratory Scenario (CBES) Pilot will shape the way dozens of central banks in the Network for the Greening of the Financial System (NGFS) integrate climate in stress testing by banks and other financial institutions," states Mike Zehetmayr, EY Global Sustainable Finance Data and Technology Leader.

"We look forward to working with the OS-Climate community in helping the industry to overcome data gaps, and in making it easier for financial institutions and corporate counterparties to disclose data, and in developing open source scenario analysis tools," added Brandon Sutcliffe, EY Americas Sustainable Finance Leader.

OS-Climate Event at COP26

On 8 November, during the UN Climate Negotiations in Glasgow, OS-Climate will host an in-person and virtual event to demonstrate progress in building the OS-Climate Platform. Moderated by United Airlines Board of Directors Member Jim Whitehurst, Airbus will reveal its SoSTrades models/WITNESS.

OS-C members will also present the initial Data Commons, an Implied Temperature Rise Tool for aligning investment and loan portfolios with Paris Accord targets, and a Physical Risk Tool for analyzing vulnerability to extreme heat, flood, drought, and other extreme threats and for enabling investments in resilience. PRI CEO Fiona Reynolds will open the event, former US Federal Reserve Board Governor Sarah Bloom Raskin will lead a panel of experts discussing how open data and analytics can accelerate climate policy efforts globally.

About Airbus

Airbus pioneers sustainable aerospace for a safe and united world. The Company constantly innovates to provide efficient and technologically-advanced solutions in aerospace, defense, and connected services. In commercial aircraft, Airbus offers modern and fuel-efficient airliners and associated services. Airbus is also a European leader in defense and security and one of the world's leading space businesses. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions and services worldwide.

About EY

EY exists to build a better working world, helping create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax, and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY refers to the global organization and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit ey.com.

About Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 2,160 members and is the world's leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation's projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation's methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.


SOURCE The Linux Foundation

http://www.linuxfoundation.org


Securing open source software is about process, tools and developers – ITProPortal

Many successful cyberattacks stem from exploiting application vulnerabilities, and having stout network security may not be enough. Regardless of how strong network security may be, hackers can find ways in. Sometimes, they are inside an organization's network and do not exploit a vulnerability for many years. Attacks that exploit buffer overflows and code injection flaws can be in the works for a very long time and lead to major data breaches, ransomware, or loss of service.

That leaves organizations with a more difficult task: protecting their systems at the software level. In this way, enterprises can minimize the damage hackers can cause once they have access to a given system. That process starts with securing software at the development level. This is already a topic increasingly high on the agenda for CIOs and CISOs.

In parallel, the vast majority of businesses use open-source software for their development projects because it gives them far more options and libraries that enable rapid innovation. Open source is not inherently any less secure than proprietary software, but there are some specific considerations. The good news is that while security risks are a fact of life, mitigating them through some achievable steps during software development is possible.

While security software tools have an essential role, organizational culture, management, and processes are critical to reducing vulnerabilities. Software development, which these days almost always includes open source, can rapidly become an unmanageable sprawl. That's especially true for larger systems, where there are hundreds, sometimes thousands, of libraries (dependencies) and software being introduced by different individuals, often from different locations and without adequate communication between those parties. This is why software development should include compliance processes according to company policies, consistent service level agreements (SLAs), ongoing supervision and technical support (which may be better performed by a third party, since internal expertise is often limited), and a formal open-source selection process that weighs the health and proactive community support before onboarding open source packages.

One of the best aspects of open source is knowledge-sharing, and that extends to security. While one of the arguments against open source is that code is visible to anyone, likewise, so are the fixes to vulnerabilities. There are likely to be regular updates to address new vulnerabilities for open source software with solid community support. However, enterprises must proactively check for those regularly: the community will not reach out to them.

One valuable resource is the National Vulnerability Database (NVD), which, while based in the USA, is relevant to developers worldwide. This repository of standards-based vulnerability management data includes databases of security checklist references, security-related software flaws, misconfigurations, and impact metrics. Each vulnerability is associated with a Common Vulnerabilities and Exposures (CVE) entry, which aims to identify, define, and catalog publicly disclosed software vulnerabilities, and is scored using the Common Vulnerability Scoring System (CVSS). This helps security professionals and developers prioritize the most severe vulnerabilities, those carrying high or critical risk.

All these resources are beneficial to developers, but they rely on known vulnerabilities being reported. While that does happen a lot, it is not universal (by the way, that applies to proprietary software, where there is even less information sharing). There is reliance on developers to think about sharing information about the vulnerabilities they have discovered and subsequently fixed.

Furthermore, if a company is successfully exploited and a major data breach occurs, they are currently under no obligation to report the details of how that was achieved. Compare this to the aerospace industry, where there would be a detailed review and analysis of a plane crash. Thus, software security needs its own black box disclosure and accountability. Security attacks can have serious consequences outside the digital world, such as recent breaches leading to the unavailability of power or fuel.

All this points towards a change in attitude towards security, and fortunately, that is beginning to happen. For instance, the Open Source Security Foundation is carrying out some great work and has recently received a $10 million annual commitment from companies including Amazon, Google, Facebook, Microsoft, and others. The more software developers and vendors can get on board with them and provide support, the better the opportunities to protect software in the future, with actions such as vulnerability disclosures and the creation of software bill of materials (BOMs).

Internally, there also needs to be a greater focus on training developers to be more security-aware. Conventionally, security was not part of the developer's role: theirs is to create functional code. That must and is starting to change, particularly with the advent of movements such as Shift Left and DevSecOps, whereby testing and security scanning are given more importance early in the development life cycle. However, to reduce the impact on developer workload, those processes must be automated as much as possible. Automation also helps reduce the risk of manual error and keep up with the sheer speed of many projects. Testing and monitoring should enhance, not slow down, development.

Several relevant types of tools are available, both commercial and open-source, including static application security testing (SAST), which involves inspecting and analyzing code even while it is being written to find and stop flaws going into production. SAST tools are like having a security expert looking over a developer's shoulder, keeping an eye on potential flaws and vulnerabilities. SAST tools can also assist with compliance with standards.

Perhaps more familiar to many people will be dynamic application security testing (DAST), whereby tests are performed by attacking a running web application from the outside. Testing through the web front-end helps to identify potential security vulnerabilities or architectural weaknesses.

For open source security, software composition analysis (SCA) is a very useful security tool, with several good commercial and open source options. With SCA, the open-source libraries (dependencies) used in the source code of applications are analyzed. By identifying direct dependencies and transitive dependencies, the tool cross-checks against a vulnerability database such as the NVD to determine the existence of vulnerabilities (CVEs) and their corresponding CVSS scores.
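The SCA flow described above, as an added example that is not part of the original article or any vendor's tool: it walks a dependency graph, separates direct from transitive dependencies, and matches installed versions against advisory ranges. The package names, versions, advisory IDs and scores are constructed, and the simple introduced/fixed range format is an assumption rather than the NVD's actual schema.

```python
from collections import deque

# Constructed sample data: every name, version, ID and score is invented.
MANIFEST = {
    "shop-app": {"version": "1.0.0", "requires": ["webframe", "imgkit"]},
    "webframe": {"version": "2.3.1", "requires": ["tmpl", "httpcore"]},
    "imgkit": {"version": "0.9.4", "requires": ["zcodec"]},
    "tmpl": {"version": "1.4.0", "requires": ["httpcore"]},
    "httpcore": {"version": "3.1.2", "requires": ["tmpl"]},  # cycle on purpose
    "zcodec": {"version": "1.2.10", "requires": []},
}

# "fixed" is the first patched version (exclusive); None means no fix exists.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "zcodec", "introduced": "1.0.0", "fixed": "1.3.0", "cvss": 9.8},
    {"id": "EXAMPLE-ADV-2", "package": "webframe", "introduced": "2.0.0", "fixed": "2.4.0", "cvss": 7.5},
    {"id": "EXAMPLE-ADV-3", "package": "httpcore", "introduced": "3.0.0", "fixed": None, "cvss": 5.3},
    {"id": "EXAMPLE-ADV-4", "package": "zcodec", "introduced": "1.0.0", "fixed": "1.2.9", "cvss": 8.1},
    {"id": "EXAMPLE-ADV-5", "package": "tmpl", "introduced": "1.0.0", "fixed": "1.4.0", "cvss": 6.1},
]


def parse_version(text):
    """Turn '1.2.10' into (1, 2, 10) so 1.2.10 sorts after 1.2.9."""
    return tuple(int(part) for part in text.split("."))


def is_affected(version, advisory):
    """True when introduced <= version < fixed (or no fix has shipped)."""
    v = parse_version(version)
    if v < parse_version(advisory["introduced"]):
        return False
    fixed = advisory["fixed"]
    return fixed is None or v < parse_version(fixed)


def resolve(manifest, root):
    """Breadth-first walk: {package: shortest chain from root}, root excluded."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        name = queue.popleft()
        for dep in manifest[name]["requires"]:
            if dep not in paths:  # visited check also breaks cycles
                paths[dep] = paths[name] + [dep]
                queue.append(dep)
    del paths[root]
    return paths


def scan(manifest, advisories, root):
    """Cross-check every resolved dependency; highest CVSS first."""
    findings = []
    for name, path in resolve(manifest, root).items():
        version = manifest[name]["version"]
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv):
                findings.append({
                    "package": name,
                    "version": version,
                    "advisory": adv["id"],
                    "cvss": adv["cvss"],
                    "direct": len(path) == 2,  # root plus one hop
                    "path": " > ".join(path),
                    "fixed_in": adv["fixed"],
                })
    return sorted(findings, key=lambda f: -f["cvss"])


if __name__ == "__main__":
    for f in scan(MANIFEST, ADVISORIES, "shop-app"):
        kind = "direct" if f["direct"] else "transitive"
        fix = f["fixed_in"] or "no fix available"
        print(f'{f["cvss"]:>4}  {f["advisory"]}  {f["package"]} {f["version"]} '
              f'({kind}: {f["path"]}) -> {fix}')
```

The highest-scoring finding sits two hops below the application, which is why the path is reported alongside the score: the remediation is usually an upgrade of the direct dependency that pulls the vulnerable library in.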

There are, of course, well-established security processes, such as penetration-testing, whereby a white hat hacker tries to get into an organization's networks and applications to discover potential exploits and vulnerabilities. These have a lot of benefits, but they are not enough on their own. It is like having locks on a door: the more, the better, but eventually a talented thief will find a way in. What matters is making sure that when they do, valuable assets are not within their reach.

Whether open-source or proprietary, tackling application security is a complex challenge. For companies that want to improve that security, streamlining processes, instilling cultural attitudes, adding security training, and using the right tools are a good place to start.

Javier Perez, Chief Evangelist for Open Source and API Management, Perforce Software

Excerpt from:
Securing open source software is about process, tools and developers - ITProPortal

Cloud, open source come to the fore – IT-Online

Kathy Gibson reports from Red Hat Summit

A move to cloud computing and open source solutions is underway as CIOs rethink their IT systems in the wake of the pandemic.

Jonathan Tullett, senior research manager: cloud/IT services at IDC South Africa & Sub-Saharan Africa, points out that CIOs are prioritising business continuity and the accessibility of business processes during 2020/21.

In this environment, cloud investment is increasing, with plenty of room for future growth.

Tullett points out that cloud software showed almost 30% year-on-year growth, while on-premise software revenue is just 1,4%.

"And we know there is a lot of headroom there," he says. "We know CIOs are committed to multi-cloud deployment, and only 4% are using them today."

"Applications are still being deployed in a siloed approach," he adds, "although we are seeing a shift to more integrated systems."

"Virtualisation is almost a given, with most CIOs using virtualisation in one form or another," Tullett says. "API management is also pretty common."

However, microservice, serverless computing, Kubernetes orchestration, Docker orchestration and Docker containerisation are less well represented.

But as organisations shift to public cloud, we will start to see more and more of these tools used in production.

So there is still a lot of work that needs to happen, but there is a lot of growth and energy going into cloud.

When it comes to open source technologies being used by CIOs, networking tops the list at 51%, followed by databases at 47%, IT infrastructure or operations management at 46%, security at 38%, cloud management or deployment at 32%, big data and analytics at 31%, and application development at 29%.

Security risks (46%) and reliability of software (40%) are the biggest factors holding CIOs back from engaging more in open source technologies.

"These risks are not unrealistic concerns," Tullett points out. "With any new technology there is a concern, not only about quality, but also compromises in support and longevity, or lack of contractual obligation."

A lack of operational immediate support was cited by 37% of CIOs, followed by ensuring contractual responsibility (36%), lack of long term support or availability (34%), regulatory compliance requirements (32%), incompatibility with existing applications or infrastructure (30%), lack of skills within the organisation (28%), not perceiving or understanding the benefit of open source over commercial alternatives (27%), poor quality of code (23%), and insufficient documentation or training materials (23%).

Tullett says IDC offers CIOs a set of key pointers for investing in open source software.

"Demand the same enterprise grade support and service for open source software as you would from any other technology," he says. "You shouldn't treat them any differently and don't make any compromises."

At the same time, CIOs are urged to demand the same openness and responsiveness in proprietary technology as you would in open source.

As we move more into the cloud, and see more focus on integrating the infrastructure, it is very important to integrate and orchestrate products.

"In fact, I would exclude solutions that don't include API support."

"CIOs need to think long-term and short-term simultaneously," Tullett adds. "Look at solving today's problems with tomorrow's tools. And build with integration, automation and intelligence in mind."

He advises that CIOs aim for mature cloud usage beyond lift-and-shift, rather refactoring and building bridges between silos.

At the same time, they are urged to target aggressive but measurable business outcomes as objectives, something that can only be done in close alignment with technology partners.

Originally posted here:
Cloud, open source come to the fore - IT-Online

IBM and Red Hat Join Industry Leaders to Help Secure Software Supply Chains – Database Trends and Applications

The Linux Foundation has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together multiple open source software initiatives under one umbrella to identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices and vulnerability disclosure practices.

Financial commitments have been made by Premier members IBM, Red Hat, Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Snyk, and VMware, with additional commitments coming from General members.

Brian Behlendorf will serve the OpenSSF community as general manager.

The OpenSSF says that, according to industry reports, software supply chain attacks have increased 650% and are having a severe impact on business operations. In the wake of increasing security breaches, ransomware attacks and other cyber-crimes tied to open source software, government leaders around the world are calling for private and public collaboration. Because open source software makes up at least 70% of all software, the OpenSSF says it offers the natural, neutral and pan-industry forum to accelerate the security of the software supply chain.

"IBM is deeply focused on developing and building highly secure hybrid cloud, AI and quantum-safe technologies that are designed to protect our clients' most sensitive workloads both today and into the future," said Jamie Thomas, general manager, strategy and development and IBM enterprise security executive. "As a long-time open source leader, IBM looks forward to working with the OSSF, our industry partners and open source communities towards addressing the ever increasing challenge of hardware and software open source supply chain security."

"Open source is pervasive in software solutions of all kinds, and cybersecurity attack rates are on the rise," said Chris Wright, senior vice president and CTO, Red Hat. "Our customers look to Red Hat to provide trust and enhanced security in our open source-based portfolio. Open source and community collaboration is the best way to solve big, industry wide challenges, such as open source supply chain security. And that's why we're excited to join together with the Linux Foundation and other industry leaders so we can continue to improve the technologies and practices to build a more secure future from open source software."

The OpenSSF is home for a variety of open source software, open standards and other open content work for improving security. Examples include:

More information is available about the OpenSSF at https://openssf.org and about the Linux Foundation at http://www.linuxfoundation.org.

See the original post:
IBM and Red Hat Join Industry Leaders to Help Secure Software Supply Chains - Database Trends and Applications

Red Hat Forum Asia Pacific 2021 Opens Perspectives to Accelerate Innovation in the Hybrid World Through Open Source Technologies – StreetInsider.com

Virtual event opens door to a wider audience to learn and share stories of open innovation, transformation and resilience

SINGAPORE--(BUSINESS WIRE)--Red Hat, Inc., the world's leading provider of open source solutions, today announced that industry experts, key business decision makers and Red Hat partners gathered virtually for Red Hat Forum Asia Pacific 2021, one of the premier open source technology events in Asia Pacific. It is currently being held in six countries, from Oct. 13 to Nov. 04, 2021.

With the theme "Open Your Perspective," the 11th iteration of this annual event seeks to provide opportunities for participants and attendees to collaborate via their shared experiences, innovations, and insights. By fostering deeper collaboration, Red Hat Forum Asia Pacific aims to broaden perspectives on how an open hybrid cloud can help enterprises discover new solutions and tools to innovate, create new business models and chart a path for a digital future.

According to Red Hat's recent State of Enterprise Open Source report, infrastructure modernization is the top use of enterprise open source software. This number continues to grow, with 64% of enterprises now citing it as a top use, from 53% two years ago. As more enterprises migrate to the cloud, it's important for businesses to build the flexibility to run applications across environments without having to rebuild applications, retrain employees, or maintain disparate environments. This can be achieved through open hybrid cloud, which provides the speed and agility for a more flexible cloud experience that accelerates digital business transformation.

Marjet Andriesse, general manager and vice president for Red Hat in Asia Pacific, commenced the Forum with a keynote that discusses digital transformation in the new world and how enterprises can effectively use new technologies and open source to drive this change.

At the Forum, attendees also gained insights into the latest topics of the open source space, including how managed cloud services enable enterprises to move to their cloud service of choice easily, building hybrid cloud infrastructures that meet present and future needs, and harnessing the power of cloud technology to launch AI/ML projects.

The Red Hat APAC Innovation Awards 2021 also recognized customers for their creative thinking, determined problem solving and innovative use of Red Hat solutions. Standard Chartered Bank, Chunghwa Telecom, and Bajaj Allianz Life Insurance were among the organizations that received accolades last year for their outstanding use of Red Hat open source solutions.

Other event highlights:

Supporting Quotes:

Marjet Andriesse, general manager and vice president, Asia Pacific, Red Hat

"The pandemic has encouraged investment in cloud infrastructure, and more enterprises are adopting open source technology in their organizations. With this year's Red Hat Forum event, we are excited to share how enterprises can challenge boundaries and leverage open source to further drive digital transformation through innovation, while increasing resilience. The virtual format ensures we can reach a wider audience and continue driving open source adoption by cross-pollination of ideas, success stories and insights."

About Red Hat, Inc.

Red Hat is the world's leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company's current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.

Red Hat, the Red Hat logo and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

View source version on businesswire.com: https://www.businesswire.com/news/home/20211102005563/en/

Pinal Patilpinal@redhat.com

Source: Red Hat, Inc.

See more here:
Red Hat Forum Asia Pacific 2021 Opens Perspectives to Accelerate Innovation in the Hybrid World Through Open Source Technologies - StreetInsider.com

What stage of open-source adoption has your company reached? – VentureBeat

Open-source software (OSS) has won over the tech industry, a reality dramatically demonstrated by Microsoft's evolution. When open source first emerged as a trend in 1998, Microsoft responded with hostility. By 2018, the company had changed directions completely and acquired GitHub, the leading platform for developing open source software. If you can't beat 'em, join 'em.

With 90% of enterprise IT leaders aligned with Microsoft in their adoption of open source, we are now firmly in the final phase of the diffusion of innovation, with only the laggards still holding out. But even among organizations that have adopted open source, there is a notable spectrum of maturity: from consuming, to producing, to embracing open source.

Companies that incorporate the open-source principles of collaboration and transparency into their business model and company culture will realize benefits in efficiency, hiring and retention, and trust within the marketplace. Those that do not will increasingly be left behind. Therefore, forward-looking executives should think strategically about their company's position on the open source maturity spectrum, and plan for increased adoption.

The first step in the enterprise open source journey is simply consuming open-source software inside your organization. The truth is that it is very hard not to consume OSS in some form or fashion these days, because so many of the most common development stacks are built on open-source tools. However, this brings certain risks that must be managed, primarily license compliance and information security. It is important for organizations consuming OSS to work with their legal and security teams to develop and implement policies for inventory and vetting of the open-source components in their supply chain. These are not one-time concerns; they must be continuously addressed. Companies such as Tidelift, WhiteSource, Black Duck, and Snyk offer products to help with this.

A transitional step for many companies beyond consuming OSS is innersource, which is the application of open-source methodologies within the enterprise perimeter, allowing different development teams to see and participate in what each other are doing. Using on-prem platforms such as GitHub Enterprise, GitLab, or Azure DevOps Server, companies can break down silos and realize some of the benefits of open-source development, including higher velocity due to reduced friction between teams, and higher quality due to wider review processes. This can represent a significant cultural change for an organization and represents a step on the way from consuming to producing true open-source software.

Much of the conversation about enterprise open source has been about the consumption of OSS in the enterprise, as reflected in the questions asked in Red Hat's State of Enterprise Open Source Report. But Red Hat itself is an enterprise producer of OSS, not only a consumer. In fact, TODO Group reports that about half of companies that consume open source have taken this next step in some form.

Corporate production of open source generally unfolds in stages. Once a company becomes comfortable with open-source practices between its own internal engineering teams, it may allow its engineers to contribute patches to upstream open-source projects in its supply chain. This type of contribution is the lifeblood of flagship open-source projects such as Linux, which saw corporate code contributions approach 90% in the latest 5.10 kernel release. For many of these companies, such as Huawei, Intel, and Google, contributing to Linux represents a significant research and development investment, even though they may not be considered open source companies in the way that Red Hat would be.

Conceptually, the incentive to invest in upstream open-source projects is clear. Enterprises gain an ability to influence, if not outright control, the direction and growth of projects. As Heartbleed demonstrated, investing in OSS can mitigate the risk that security vulnerabilities or other code quality issues will degrade the utility of a project within a company's own products. Furthermore, open-source participation can help to attract talent.

Beyond contributing to third-party projects, leading enterprises are consolidating the benefits of open source participation by publishing infrastructure projects of their own. Google is a clear example, with Kubernetes, Go, and Chromium gaining wide adoption. Facebook has a win with React. But there is a long tail of organizations (Airbnb, PayPal, Indeed, Comcast, Capital One, and many more) that publish open-source projects as a way to recruit talent and ensure they are building their core business on a solid base. If you do find yourself with an open-source project that is a runaway success, the natural progression would be to find a home for the project at a foundation such as Apache, CNCF, or the Linux Foundation.

The most forward-thinking companies go beyond publishing their own open-source projects and embrace open-source principles more deeply. Contributing financially to projects is a logical extension of contributing engineering effort, yet this can introduce insurmountable process friction at many organizations. It requires strong executive leadership to understand and act to realize the long-term shareholder value that comes from ensuring the vitality of the software supply chain through direct financial contribution. More public conversation in the vein of Nadia Eghbal's work is called for here.

Then there are corporations that not only publish shared infrastructure projects but also build their core business model directly on open-source products. COSS Media counts 17 such companies that have gone public since 1999, or 0.4% of the 4,509 total initial public offerings (IPOs) that have occurred during this time period. It will be interesting to see how many IPOs in the next 20 years are open-source companies. I anticipate there will be a significant increase.

At the most extreme end of the OSS spectrum, some companies are pushing open-source principles so far that they are becoming what we might call "open companies." In these companies, all but the most sensitive processes and data (e.g., customer data and other legally protected information) are shared publicly. Mozilla is an interesting early example. GitLab has some open company tendencies but stops short of full openness. Startups such as Glimesh, Buffer, and Liberapay are pushing the envelope even further by hosting public staff meetings, publishing salaries, and even implementing take-what-you-want compensation. It will be interesting to see if in another 20 years' time a handful of fully open companies have scaled to success.

Open-source software has proven its worth, but not all adoption is equal. If your company is consuming but not producing OSS, then consider the benefits of publishing projects of your own. Look at the many examples of successful open-source programs that exist today and build the capacity in your own organization to avoid falling behind, realizing risk, and losing talent. If your company already has a track record of publishing successful open-source projects, consider embracing open-source principles in other corporate functions. Build the case with leadership so they understand that the competition for customers and talent will be won by organizations that build trust through transparency.

Chad Whitacre is Head of Open Source at Sentry.

Read the original post:
What stage of open-source adoption has your company reached? - VentureBeat

There’s nothing Automattic about balancing commercial growth with an open source developer community – TechCrunch

The tech industry has made a full 180-degree turn with regard to open source in the 16 years since Matt Mullenweg founded Automattic, a major commercial backer of open source content management system WordPress.

Microsoft, whose executives once used phrases like "un-American" and "cancer" to describe open source, is now one of the world's largest contributors. Elastic, Confluent and GitLab have proven that startups, too, can layer commercial success on top of open source projects.

Even true believers can be shocked by the extent to which open source has succeeded. "To me, one of the most incredible examples of this is Chromium being used not just by Brave, but by Internet Explorer," Mullenweg, who is also CEO of Automattic, said. "That's the tech equivalent of peace in the Middle East -- it felt so far away and unimaginable."

WordPress and Automattic are key leaders in this trend. WordPress remains a vibrant project: Around a thousand active core contributors engineer the product, while a massive, 55,000-strong group of extender contributors builds themes and plugins that expand the platform's functionality. The more than 28 million WordPress sites represent about 40% of the web, making the project among the most deployed open source platforms.

Mullenweg, however, views all of this as merely a starting point. In his reckoning, WordPress could double its current scale in the coming years, a proposition that can make even the most bullish open source software engineer nervous.

To get there, Automattic has to shepherd and evolve its developer community even as it empowers more and more of its open source contributors to take leadership roles in the future of the WordPress ecosystem. That hasn't always gone well, as we will see with a transition around a new version of WordPress called Gutenberg, but ultimately, the company is doubling down on community engagement, hoping that growth in the next 16 years of Automattic will be even faster than the last era.

Both large and small companies contribute back code and time to the community, often following some version of Mullenweg's Five for the Future initiative, which asks organizations using WordPress to spend 5% of their resources contributing to its further development.

Automattic founder and CEO Matt Mullenweg. Image Credits: Automattic

Automattic may be the largest contributor in the WordPress community, but there are many other companies who lend to the success of the ecosystem. The largest are mostly domain registrars such as GoDaddy and Bluehost, which use their lead generation from registrations to upsell customers on WordPress hosting.

Scores of other companies round out the ecosystem. Most are small design agencies and paid plugin developers, such as Yoast, a search engine optimization tool that has over 12 million websites.

Then there are the thousands of individual contributors. Contrary to the perception that open source developers work exclusively for free, most open source communities include the concept of sponsorship, in which a commercial company like Automattic underwrites an open source developer to keep working on the project full time.

In its annual open source contributor survey from 2020, the Linux Foundation and The Laboratory for Innovation Science at Harvard found that more than half of core and frequent contributors to open source projects were financed for their work, either by their current employer or by a third party. That proportion is actually lower for WordPress, where only about a third of developers are believed to be sponsored.

While thousands of individuals and companies contribute to the development of WordPress, it's clear that Automattic plays the lead role in shaping the community, even though many paid contributors to the project are not even sponsored by the company.

One of the founding strengths of WordPress is that it was conceived without immediate commercial intent. The project started two years before Automattic, as we saw in part one of this TC-1, so no company's leadership was written into the project's creation. Mullenweg was simply a co-founder of the project, albeit one of its most active public cheerleaders.

Even after Automattic launched, a few other startups seemed poised to lead the community. Hosting service WP Engine, for instance, was founded in 2010 and grew quickly, raising nearly $300 million, according to Crunchbase.

Automattic gained one sustainable advantage early on, however: It successfully secured the WordPress.com domain as a counterpart to the open source project's WordPress.org. That ownership gave Automattic symbolic and long-lasting weight within the community.

"Because we were the first to do it, we had the name, and our service took off. The copies sat there for a while and gave up," recalls Toni Schneider, who served as Automattic's CEO during the company's early years.

View original post here:
There's nothing Automattic about balancing commercial growth with an open source developer community - TechCrunch