Home Blog

The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021

Experts and industry leaders from financial services, technology and open source will gather for thought-provoking insights and conversations about how to best leverage open source software to solve industry challenges.

SAN FRANCISCO, September 16, 2021The Linux Foundation, the nonprofit organization enabling mass innovation through open source, along with co-host Fintech Open Source Foundation (FINOS), a nonprofit whose mission is to accelerate adoption of open source software, standards and best practices in financial services, today announced keynote speakers for Open Source Strategy Forum London (OSSF). The event takes place October 5, preceded by a FINOS Member event on October 4, in London, England. The schedule can be viewed here and the keynote speakers can be viewed here

OSSF’s goal is to deepen collaboration across finance, open source and technology and drive innovation across the industry in order to deliver better code, faster. The event will feature 35+ sessions, revealing recent developments and the direction of open source in financial services across a wide range of topics and domains.

“We are entering what can only be referred to as the golden age for Open Source in Financial Services”, said Gabriele Columbro, Executive Director, FINOS. “In the last year not only have we seen an exponential growth in contributions from Financial Institutions – something frankly unprecedented – but we are now witnessing the industry coming together to solve long standing business challenges through open collaboration. I am truly excited to have so many leaders at OSSF sharing their vision for an open financial stack, and to be able to bring our community together for a fantastic and unique event like OSSF.”

Keynote speakers this year include:

Gabriele Columbro, Executive Director, FINOSNick Cook, Head of Global Strategy and Partnerships, Alliance for Innovative Regulation (AIR), and former Head of Innovation, UK Financial Conduct Authority (FCA)Jane Gavronsky, Chief Technology Officer, FINOS, and former Managing Director, Credit SuisseRussell Green, Managing Director, Deutsche Bank AGLiz Rice, Chief Open Source Officer, Isovalent

Conference Session Highlights:

Creating an Open Source Data Standard for Financial Services Regulation – Taniem Choudhury, Deutsche BankAn Open-sourced Solution to Data Governance? How Legend May Be the Answer to Data Quality Concerns in the Financial Industry – Ffion Acland & Beeke-Marie Nelke, Goldman SachsMorphir: A Single Language for Business and Technology – Attila Mihaly, Morgan StanleyPolicy Compliance with Sigstore: From Signing Software to Validating the Whole Software Supply Chain – Axel Simon, Red HatContaining the Chaos While Embracing Kubernetes Based Technology in Finance, Rob Knight, SUSENavigating Open Source Risk: A Strategic Approach – Dawn Foster, VMware 

Attending companies include: Adaptive Financial Consulting Limited, Audace Labs, Avanade, Bitergia, Canonical, Citi Group, Cosaic, Demodyfi, Deutsche Bank, Digital Asset, EPAM Systems, Evolveum, Fidelity Investments, GitHub, GitLab, Goldman Sachs, IHS Markit, ING, International Swaps and Derivatives Association, Itaú Unibanco SA, Large Credit Union Coalition, London Stock Exchange, Morgan Stanley, Nomura Holdings, Point72 Asset Management, Red Hat, Scott Logic, Symphony, TD Securities, Wipro, U.S. Bank, and many more.

Registration is available for 460 GBP. Members of The Linux Foundation receive a 20 percent discount – members can contact events@linuxfoundation.org to request a member discount code. Members of FINOS can attend at no cost – members can contact ossf@finos.org to request the FINOS Member registration code. 

Health and Safety
Attendees will be required to be fully vaccinated against the COVID-19 virus and wear a mask while onsite at the event. Additionally, all attendees will need to comply with all on-site health measures, in accordance with The Linux Foundation Code of Conduct. To learn more, visit the Health & Safety webpage and read our blog post.

Press
Members of the press who would like to request a press pass to attend should contact Kristin O’Connell.

About the Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 2,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation Events are where the world’s leading technologists meet, collaborate, learn and network in order to advance innovations that support the world’s largest shared technologies.

Visit our website and follow us on Twitter, Linkedin, and Facebook for all the latest event updates and announcements.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds. 

###

Media Contact
Kristin O’Connell
The Linux Foundation
koconnell@linuxfoundation.org

The post The Linux Foundation and Fintech Open Source Foundation Announce Keynote Speakers for Open Source Strategy Forum London 2021 appeared first on Linux Foundation.

Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes

Background

The Academy Software Foundation (ASWF), a project hosted by The Linux Foundation, provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on image creation, visual effects, animation, and sound technologies. 

It was created in 2018 after the conclusion of an investigation by the Academy of Motion Pictures Arts and Sciences (AMPAS) Science and Technology Council holding an 18-month investigation on the state of open source in the industry. This aligned with the need for a vendor-neutral foundation to provide a sustainable home for open source projects that are key to the growth of the industry.

Identifying the need for exemplar assets for community use

As of August 2021, The Academy Software Foundation provides a home for Open Shading Language, OpenColorIO, OpenCue, OpenEXR, OpenTimelineIO, OpenVDB, and MaterialX.

As these projects have progressed in development, there was a need identified to have production-grade digital assets (e.g.,3D scene data, images, image sequences, volumetric data, animation rigs, edit decision lists) available for use in development and testing environments to ensure these projects can scale to the demands of the movie and content creation processes. 

Furthermore, the ASWF identified an additional need to have production-grade assets for general research and learning purposes. 

The ASWF identified two objectives to address these requirements:

Provide a vendor-neutral home for both homing the assets and being a curator for exemplar assets that would align with the industry needs.Create a licensing framework striking a balance between the needs in research, learning, and open source development, with the intellectual property concerns of production-grade assets (as they often come from real productions).

An open community comes together

There was some precedent in the industry, with the 2018 release of the Moana Island Scene by Disney Animation. This sparked several discussions in the industry on how to have a larger set of similar assets available for community use leading to the creation of an Asset Repository Working Group at the Academy Software Foundation in 2020.

The culmination of this working group came in July 2021, with the transition of the working group to a formal project that will establish the infrastructure and governance of the Assets Repository. The intention is for the project to function and work like any other open source project, with full transparency and community participation, to identify and curate exemplar assets. 

At the same time, the legal counsel across Academy Software Foundation members came together to align on the ASWF Digital Assets License, which was created in the spirit of licenses used previously in the industry and designed to specifically ensure these assets can be used for education, learning, research, and open source development. The ASWF Digital Assets License helped create a bridge between producers and consumers of these assets, establishing standardized terms to enable collaboration and the re-use of content in an industry where it had previously been limited.

As of August 2021, there is interest from multiple organizations in contributing assets to this repository as it takes form over the next few months.

Conclusion

The Linux Foundation has been the home for vendor-neutral collaboration in both horizontal technology spaces and vertical markets such as automotive, networking, energy, and here motion pictures. In supporting over 750 open source projects, we are starting to see more and more efforts such as these where the collaboration outside of traditional software development and into educational materials, community development, and standards. The Assets Repository project at the Academy Software Foundation is a great example of the unique collaboration opportunities that open source brings and are driven by our open communities.

The post Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes appeared first on Linux Foundation.

Academy Software Foundation giving open communities access to production-grade digital assets for testing, demonstration, and education purposes

Background

The Academy Software Foundation (ASWF), a project hosted by The Linux Foundation, provides a neutral forum for open source software developers in the motion picture and broader media industries to share resources and collaborate on image creation, visual effects, animation, and sound technologies. It was created in 2018 after the conclusion of an investigation by the Academy of Motion Pictures Arts and Sciences (AMPAS) Science and Technology Council holding an 18-month investigation on the state of open source in the industry. This aligned with the need for a vendor-neutral foundation to provide a sustainable home for open source projects that are key to the growth of the industry.

Identifying the need for exemplar assets for community use

As of August 2021, The Academy Software Foundation provides a home for Open Shading Language, OpenColorIO, OpenCue, OpenEXR, OpenTimelineIO, OpenVDB, and MaterialX. As these projects have progressed in development, there was a need identified to have production-grade digital assets (e.g.,3D scene data, images, image sequences, volumetric data, animation rigs, edit decision lists) available for use in development and testing environments to ensure these projects can scale to the demands of the movie and content creation processes. Furthermore, the ASWF identified an additional need to have production-grade assets for general research and learning purposes. The ASWF identified two objectives to address these requirements:
  • Provide a vendor-neutral home for both homing the assets and being a curator for exemplar assets that would align with the industry needs.
  • Create a licensing framework striking a balance between the needs in research, learning, and open source development, with the intellectual property concerns of production-grade assets (as they often come from real productions).

An open community comes together

There was some precedent in the industry, with the 2018 release of the Moana Island Scene by Disney Animation. This sparked several discussions in the industry on how to have a larger set of similar assets available for community use leading to the creation of an Asset Repository Working Group at the Academy Software Foundation in 2020. The culmination of this working group came in July 2021, with the transition of the working group to a formal project that will establish the infrastructure and governance of the Assets Repository. The intention is for the project to function and work like any other open source project, with full transparency and community participation, to identify and curate exemplar assets. At the same time, the legal counsel across Academy Software Foundation members came together to align on the ASWF Digital Assets License, which was created in the spirit of licenses used previously in the industry and designed to specifically ensure these assets can be used for education, learning, research, and open source development. The ASWF Digital Assets License helped create a bridge between producers and consumers of these assets, establishing standardized terms to enable collaboration and the re-use of content in an industry where it had previously been limited. As of August 2021, there is interest from multiple organizations in contributing assets to this repository as it takes form over the next few months.

Conclusion

The Linux Foundation has been the home for vendor-neutral collaboration in both horizontal technology spaces and vertical markets such as automotive, networking, energy, and here motion pictures. In supporting over 750 open source projects, we are starting to see more and more efforts such as these where the collaboration outside of traditional software development and into educational materials, community development, and standards. The Assets Repository project at the Academy Software Foundation is a great example of the unique collaboration opportunities that open source brings and are driven by our open communities.

Antmicro Doubles Down on Commitment to the Zephyr Project as Community Grows to More Than 1,000 Contributors

Wind River also advances its commitment to the open source ecosystem by joining the project as a Silver Member

SAN FRANCISCO, September 13, 2021 On the heels of its 5th anniversary and inaugural Developer Summit, the Zephyr Project today announces a major milestone with more than 1,000 contributors and 55,000 commits. Zephyr, an open source project at the Linux Foundation that builds a safe, secure and flexible real-time operating system (RTOS) for resource-constrained devices, also welcomes Antmicro as a Platinum member and Wind River as a Silver member.

Zephyr RTOS unites companies, developers and end users around the world to ensure balanced collaboration and feedback to evolve and meet the needs of its community. This innovative relationship among stakeholders advances the Zephyr Project’s support of new hardware, developer tools, sensors, and drivers, while maximizing the functionality of devices that run applications developed using the Zephyr OS.

“The number of contributors to an open source project is one of the best measures of its relevance to the open source community,” said Barna Ibrahim, Chair of the Zephyr Project Marketing Group and Strategic Partner Development Lead at Google. “Today’s announcement represents one more step in our open source journey and increased role in the advocacy, use and contribution across the Zephyr ecosystem. Ultimately, this strong ecosystem will help build secure and safe products across the globe.”

Evidence that momentum will continue growing for the project include:

The 1000th contributor – meet Embla Flatlandsmo and learn more about what and why she contributed to the project in this blog and video.Almost 700 people registered for the first-ever Zephyr Developer Summit in June. The event consisted of 5 mini-conferences, 28 sessions and 51 speakers who presented technical content, best practices, real-world use cases and more. Videos are available on the Zephyr Project Youtube Channel.Zephyr is able to automatically generate an Software Bill of Materials (SBOM) during builds with the 2.6 release, so support for ISO/IEC 5962:2021 SBOMs is already included in the second Long Term Support (LTS) release this fall.It is one of the few open source projects that has a CVE Numbering Authority(CNA) and has an active Project Security Incident Response Team(PSIRT) that manages responsible disclosure of vulnerabilities to product makers. Product creators using Zephyr can sign up for free to be notified of vulnerabilities.  Golioth, a recent new member and Zephyr tool provider, received $2.5 million in seed funding and beta testing, which was all based on the RTOS.Seamless integration with Renode (Antmicro’s simulation framework for complex IoT systems), Nanopb (Protocol buffers for embedded systems),  TensorFlow Lite Micro (software library for embedded machine learning) and others.Antmicro released the Open Source M.2 IoT Smart Module with edge ML capabilities based on EdgeTPU and Zephyr RTOS running on Nordic nrf52840 to enable fully open hardware IoT gateways.

Commitment to Zephyr

Today, the Zephyr Project announces that long-time member Antmicro has doubled down on its commitment by upgrading its membership to Platinum. Peter Gielda, CEO of Antmicro, will join the Zephyr Governing Board.

Additionally, Wind River joined the project as a Silver member. Other project member companies include Adafruit, AVSystem, BayLibre, Eclipse Foundation, Facebook, Fiware, Foundries.io, Golioth, Google, Intel, Laird Connectivity, Linaro, Memfault, Nordic Semiconductor, NXP, Oticon, Parasoft, Pat-Eta Electronics, RISC-V, SiFive, Synopsys and teenage engineering, among others.

“We are delighted to welcome Peter Gielda to the Governing Board,” said Joel Stapleton, Chair of the Zephyr Project Governing Board and Principal Engineering Manager at Nordic Semiconductor. “Antmicro has already contributed so much to Zephyr with board support, demos and documentation. We look forward to working more closely with them and strengthening our community.”

“An active member of the project since its early days, Antmicro has been pioneering the use of Zephyr in several fields, including FPGAs and the RISC-V architecture, in both hard and soft implementations,“ said Peter Gielda, CEO at Antmicro and now Member of the Zephyr Project Governing Board. “Building on top of our work combining TensorFlow Lite Micro, Zephyr and Renode for machine learning development we join our customers and partners Google, Intel, NXP and Nordic Semiconductor in a leadership position in Zephyr to strengthen the vendor-neutral RTOS option for the open source hardware, software and AI solutions that we develop.”

“As we move towards an intelligent systems future, it will become increasingly important to collect and process data at the intelligent edge in real time,” said Amar Parmar, Senior Director, Solution Partners at Wind River. “For resource-constrained devices, Zephyr can be at the heart of where this data originates. Zephyr Project has fostered a vibrant and growing community addressing the technical requirements to deploy a new generation of devices, aligned with modern development practices and tooling. As an original contributor to the code base and an active member of the community, we look forward to continued collaboration.”

To learn more about Zephyr RTOS, visit the Zephyr website and blog.

About the Zephyr Project

The Zephyr Project is an open source, scalable real-time operating system (RTOS) supporting multiple hardware architectures. To learn more, please visit www.zephyrproject.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The post Antmicro Doubles Down on Commitment to the Zephyr Project as Community Grows to More Than 1,000 Contributors appeared first on Linux Foundation.

How to run Podman on Windows

With a little help from Windows Subsystem for Linux, you can use Podman to build container images, run a web server in a container, and more.

Read More at Enable Sysadmin

Michael Cheng Joins the Linux Foundation Board of Directors

We’re pleased to announce that Michael Cheng joined the Linux Foundation Board of Directors earlier this year. Michael is a product manager at Facebook, currently supporting open source and standards work across the company. Michael is a former network engineer and M&A attorney. He previously led the product, commercial, and intellectual property functions on Facebook’s M&A legal team.

Michael has built some of the world’s most valuable and innovative open source ecosystems, representing billions of dollars of value, including GraphQL, Magma, Diem, ML Commons, and many others.

In 2018, Michael helped design the Joint Development Foundation — a lightweight, turnkey solution for the development of technology standards and specifications. Michael then brought in GraphQL as the JDF’s first project. GraphQL now powers trillions of API calls every day for some of the world’s largest companies.

Michael Cheng

Michael was one of the founding members of ML Commons, an industry-wide consortium that aims to unlock the next stage of AI/ML adoption by creating useful measures of quality and performance, large-scale open data sets, and common development practices and resources. Michael served as ML Commons’ first treasurer, and it has since grown to more than 50 members and affiliates representing a broad cross-section of the ML ecosystem.

This year, Michael created the Magma Foundation, the first open source platform that enables telecom operators to build modern and efficient mobile networks at scale. Michael now chairs the board of the Magma Foundation — growing its ranks to more than 20 members this year.

Michael is also a champion of diversity. Late last year, at the height of the pandemic, Michael designed and launched the Major League Hacking (MLH) Fellowship program to address challenges faced by both early-career developers who saw many of their job and internship opportunities disappear open source maintainers struggling to keep projects afloat. The Fellowship has been effective at helping students land desirable jobs while increasing the aggregate health of the open source projects that participate in the program. Michael also launched the Black Developer Scholarship for developers who self-identify as Black or African diaspora to participate in the Fellowship.

Michael has also played an integral role in the creation of the Presto Foundation, eBPF Foundation, Ent Foundation, Reactive Foundation, Urban Computing Foundation, and OpenChain.

“Michael is one of the rare breeds of lawyers who possess both a strong technical background and a sharp mind for process improvement.  His leadership at Facebook has made a meaningful impact within the OpenChain project and beyond.  I warmly welcome him to the Linux Foundation board.”

Dave Marr, Vice President, Legal Counsel at Qualcomm Technologies

“Facebook is built on top of open source and has shown a strong commitment to investing back into the communities from which we all benefit. Micheal’s legal background and technical knowledge make him an ideal member of the Linux Foundation board. His leadership is just another example of Facebook’s commitment to open source and collective innovation.” 

Jim Zemlin, Executive Director, Linux Foundation

“Successful open source work requires an intersection of legal, business, technical, and community thinking and Michael brings all those skills in one very integrated way.  And his perspectives from his experience shepherding multiple open source projects at scale and in production is of great value to the Linux Foundation board. I am excited to welcome him to the board and to work with him on advancing open source innovation.” 

Nithya Ruff – Chair, Linux Foundation Board of Directors, Head, Comcast Open Source Program Office

“Michael’s role in growing some of the Linux Foundation’s most valuable communities cannot be understated. He brings a level of technical depth, legal acumen, and industry credibility that has been instrumental in stitching together novel coalitions of companies, NGOs, and individuals into dynamic and sustainable communities. We’re thrilled to have him on the board.”

Chris Aniszczyk, CTO, CNCF

The post Michael Cheng Joins the Linux Foundation Board of Directors appeared first on Linux Foundation.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials

Backed by many of the world’s largest companies for more than a decade, SPDX formally becomes an internationally recognized ISO/IEC JTC 1 standard during a transformational time for software and supply chain security

SAN FRANCISCO, September 9, 2021 – The Linux Foundation, Joint Development Foundation, and the SPDX community, today announced the Software Package Data Exchange® (SPDX®) specification has been published as ISO/IEC 5962:2021 and recognized as the international open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body. 

Intel, Microsoft, Siemens, Sony, Synopsys, VMware, and WindRiver are just a small sample of the companies already using SPDX to communicate Software Bill of Materials (SBOM) information in policies or tools to ensure compliant, secure development across global software supply chains. 

“SPDX plays an important role in building more trust and transparency in how software is created, distributed, and consumed throughout supply chains. The transition from a de-facto industry standard to a formal ISO/IEC JTC 1 standard positions SPDX for dramatically increased adoption in the global arena,” said Jim Zemlin, executive director, the Linux Foundation. “SPDX is now perfectly positioned to support international requirements for software security and integrity across the supply chain.” 

Between eighty and ninety percent (80%-90%) of a modern application is assembled from open source software components. An SBOM accounts for the software components contained in an application — open source, proprietary, or third-party — and details their provenance, license, and security attributes. SBOMs are used as a part of a foundational practice to track and trace components across software supply chains. SBOMs also help to proactively identify software issues and risks and establish a starting point for their remediation.

SPDX results from ten years of collaboration from representatives across industries, including the leading Software Composition Analysis (SCA) vendors – making it the most robust, mature, and adopted SBOM standard. 

“As new use cases have emerged in the software supply chain over the last decade, the SPDX community has demonstrated its ability to evolve and extend the standard to meet the latest requirements. This really represents the power of collaboration on work that benefits all industries,” said Kate Stewart, SPDX tech team co-lead. “SPDX will continue to evolve with open community input, and we invite everyone, including those with new use cases, to participate in SPDX’s evolution and securing the software supply chain.”  

For more information on how to participate in and benefit from SPDX, please visit: https://spdx.dev.

To learn more about how companies and open source projects are using SPDX, recordings from the “Building Cybersecurity into the Software Supply Chain” Town Hall that was held on August 18th are available and can be viewed at: https://events.linuxfoundation.org/supply-chain-town-hall/ 

ISO/IEC JTC 1 is an independent, non-governmental international organization based in Geneva, Switzerland. Its membership represents more than 165 national standards bodies with experts who share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges.

Supporting Comments

Intel

“Software security and trust are critical to our Industry’s success. Intel has been an early participant in the development of the SPDX specification and utilizes SPDX both internally and externally for a number of software use-cases,” said Melissa Evers, Vice President – Software and Advanced Technology Group, General Manager of Strategy to Execution, Intel.

Microsoft

“Microsoft has adopted SPDX as our SBOM format of choice for software we produce,” says Adrian Diglio, Principal Program Manager of Software Supply Chain Security at Microsoft. “SPDX SBOMs make it easy to produce U.S. Presidential Executive Order compliant SBOMs, and the direction that SPDX is taking with the design of their next gen schema will help further improve the security of the software supply chain.”

Siemens

“With ISO/IEC 5962:2021 we have the first official standard for metadata of software packages. It’s natural that SPDX is that standard, as it’s been the de facto standard for a decade. This will make license compliance in the supply chain much easier, especially because several open source tools like FOSSology, ORT, scancode, and sw360 already support SPDX,” said Oliver Fendt, senior manager, open source at Siemens. 

Sony

”The Sony team uses various approaches to managing open source compliance and governance,” says Hisashi Tamai, Senior Vice President, Deputy President of R&D Center, Representative of the Software Strategy Committee, Sony Group Corporation. “An example is the use of an OSS management template sheet that is based on SPDX Lite, a compact subset of the SPDX standard. It is important for teams to be able to quickly review the type, version, and requirements of software, and using a clear standard is a key part of this process.”

Synopsys

“The Black Duck team from Synopsys has been involved with SPDX since its inception, and I personally had the pleasure of coordinating the activities of the project’s leadership for more than a decade. Representatives from scores of companies have contributed to the important work of developing a standard way of describing and communicating the content of a software package,” said Phil Odence, General Manager, Black Duck Audits.

VMware

“SPDX is the essential common thread among tools under the Automating Compliance Tooling (ACT) Umbrella. SPDX enables tools written in different languages and for different software targets to achieve coherence and interoperability around SBOM production and consumption. SPDX is not just for compliance, either; the well-defined and ever-evolving spec is also able to represent security and supply chain implications. This is incredibly important for the growing community of SBOM tools as they aim to thoroughly represent the intricacies of modern software,” said Rose Judge, ACT TAC Chair and open source engineer at VMware.

Wind River

“The SPDX format greatly facilitates the sharing of software component data across the supply chain. Wind River has been providing a Software Bill of Materials (SBOM) to its customers using the SPDX format for the past 8 years. Often customers will request SBOM data in a custom format. Standardizing on SPDX has enabled us to deliver a higher quality SBOM at a lower cost,” said Mark Gisi, Wind River Open Source Program Office Director and OpenChain Specification Chair.

About SPDX

SPDX is an open standard for communicating software bill of material information, including provenance, license, security, and other related information. SPDX reduces redundant work by providing common formats for organizations and communities to share important data, thereby streamlining and improving compliance, security, and dependability. For more information, please visit us at spdx.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer

for the Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post SPDX Becomes Internationally Recognized Standard for Software Bill of Materials appeared first on Linux Foundation.

SPDX Becomes Internationally Recognized Standard for Software Bill of Materials (The Linux Foundation)

SAN FRANCISCO, September 9, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Software Package Data Exchange® (SPDX®) specification has been published as ISO/IEC 5962:2021 and recognized as the open standard for security, license compliance, and other software supply chain artifacts. ISO/IEC JTC 1 is an independent, non-governmental standards body.

Read more at The Linux Foundation

Audit user accounts for never-expiring passwords with a Bash script

Non-expiring passwords might violate your organization’s policies, so use this basic Bash script to quickly pick them out.

Read More at Enable Sysadmin

How I became a Linux sysadmin

Every sysadmin has an origin story. Here’s mine.

Read More at Enable Sysadmin