It’s straightforward to get around your Linux system if you know these basic commands.
Read More at Enable Sysadmin
The NSE boosts Nmap’s power by adding scripting capabilities (custom or community-created) to the network scanning tool.
Read More at Enable Sysadmin
As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is a humbling reminder of just how far we still have to go. OSS is now central to the functioning of modern society, as critical as highway bridges, bank payment platforms, and cell phone networks, and it’s time OSS foundations started to act like it.
Organizations like the Apache Software Foundation, the Linux Foundation, the Python Foundation, and many more, provide legal, infrastructural, marketing and other services for their communities of OSS developers. In many cases the security efforts at these organizations are under-resourced and hamstrung in their ability to set standards and requirements that would mitigate the chances of major vulnerabilities, for fear of scaring off new contributors. Too many organizations have failed to apply raised funds or set process standards to improve their security practices, and have unwisely tilted in favor of quantity over quality of code.
What would “acting like it” look like? Here are a few things that OSS foundations can do to mitigate security risks:
Set up an organization-wide security team to receive and triage vulnerability reports, as well as coordinate responses and disclosures to other affected projects and organizations.
Perform frequent security scans, through CI tooling, for detecting unknown vulnerabilities in the software and recognizing known vulnerabilities in dependencies.
Perform occasional outside security audits of critical code, particularly before new major releases.
Require projects to use test frameworks, and ensure high code coverage, so that features without tests are discouraged and underused features are weeded out proactively.
Require projects to remove deprecated or vulnerable dependencies. (Some Apache projects are not vulnerable to the Log4j v2 CVE, because they are still shipping with Log4j v1, which has known weaknesses and has not received an update since 2015!)
Encourage, and then eventually require, the use of SBOM formats like SPDX to help everyone track dependencies more easily and quickly, so that vulnerabilities are easier to find and fix.
Encourage, and then eventually require, maintainers to demonstrate familiarity with the basics of secure software development practices.
Many of these are incorporated into the CII Best Practices badge, one of the first attempts to codify these into an objective comparable metric, and an effort that has now moved to OpenSSF. The OpenSSF has also published a free course for developers on how to develop secure software, and SPDX has recently been published as an ISO standard.
None of the above practices is about paying developers more, or channeling funds directly from users of software to developers. Don’t get me wrong, open source developers and the people who support them should be paid more and appreciated more in general. However, it would be an insult to most maintainers to suggest that if you’d just slipped more money into their pockets they would have written more secure code. At the same time, it’s fair to say a tragedy-of-the-commons hits when every downstream user assumes that these practices are in place, being done and paid for by someone else.
Applying these security practices and providing the resources required to address them is what foundations are increasingly expected to do for their community. Foundations should begin to establish security-related requirements for their hosted and mature projects. They should fundraise from stakeholders the resources required for regular paid audits for their most critical projects, scanning tools and CI for all their projects, and have at least a few paid staff members on a cross-project security team so that time-critical responses aren’t left to individual volunteers. In the long term, foundations should consider providing resources to move critical projects or segments of code to memory-safe languages, or fund bounties for more tests.
The Apache Software Foundation seems to have much of this right, let’s be clear. Despite being notified just before the Thanksgiving holiday, their volunteer security team worked with the Log4j maintainers and responded quickly. Log4j also has almost 8000 passing tests in its CI pipeline, but even all that testing didn’t catch the way this vulnerability could be exploited. And in general, Apache projects are not required to have test coverage at all, let alone run the kind of SAST security scans or host third party audits that might have caught this.
Many other foundations, including those hosted at the Linux Foundation, also struggle to do all this – this is not easy to push through the laissez-faire philosophy that many foundations have regarding code quality, and third-party code audits and tests don’t come cheap. But for the sake of sustainability, reducing the impact on the broader community, and being more resilient, we have got to do better. And we’ve got to do this together, as a crisis of confidence in OSS affects us all.
This is where OpenSSF comes in, and what pulled me to the project in the first place. In the new year you’ll see us announce a set of new initiatives that build on the work we’ve been doing to “raise the floor” for security in the open source community. The only way we do this effectively is to develop tools, guidance, and standards that make adoption by the open source community encouraged and practical rather than burdensome or bureaucratic. We will be working with and making grants to other open source projects and foundations to help them improve their security game. If you want to stay close to what we’re doing, follow us on Twitter or get involved in other ways. For a taste of where we’ve been to date, read our segment in the Linux Foundation Annual Report, or watch our most recent Town Hall.
Hoping for a 2022 with fewer four alarm fires,
Brian Behlendorf is General Manager of the Linux Foundation’s Open Source Security Foundation (OpenSSF). He was a founding member of the Apache Group, which later became the Apache Software Foundation, and served as president of the foundation for three years.
The post Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble appeared first on Linux Foundation.
A wide range of open source topics essential for OSPO-related activities were covered in 2021, presented by OS experts from mature OSPOs like Bloomberg or RIT and from communities behind open source standards like OpenChain or CHAOSS.
The TODO Group has been paving the OSPO path over a decade of change and is now composed of a worldwide community of open source professionals working in collaboration to drive Open Source Initiatives to the next level.
One of the many initiatives that the TODO Group has been working on since last August has been OSPOLogy. With OSPOLogy, the TODO Group aims to ease the access to more organizations across sectors to understand and adopt OSPOs by open and transparent networking: engaging with open source leaders through real-time conversations.
“In OSPOLogy, we have the participation of experienced OSPO leaders like Bloomberg, Microsoft or SAP, widely adopted project/Initiatives such as OpenChain, CHAOSS or SPDX, and industry open source specialists like LF Energy or FINOS. There is a huge diversity of folks in the open source ecosystem that help people and organizations to improve their Open Source Programs, their OSPO management skills, or advance in their OSPO careers. Thus, after listening to the community demands, we decided to offer a space with dedicated resources to make these connections happen, under an open governance model designed to encourage other organizations and communities to contribute.”
AJ – OSPO Program Manager at TODO Group
In the OSPOlogy 2021 series, we had insightful discussions on five different OSPO topics:
[August 4, 2021] How to start an OSPO with Bloomberg
[September 1, 2021] Mentoring and Talent Management within OS Ecosystems with US Bank
[October 13, 2021] The State of OSPOs in 2021 with LF
[November 17, 2021] Academic OSPOs with CHAOSS and RIT
[December 1, 2021] Governance in the Context of Compliance and Security with OpenChain
For more information, please watch the video replays on our OSPOlogy YouTube channel.
The format is pretty simple: OSPOlogy kicks off each meeting with the OSPO news from around the world that month, then moves to the topic of the day, where featured guests introduce a topic relevant to OSPOs and ways to set up open source initiatives. These two sections are recorded and published on the LF Community platform and the new OSPOlogy YouTube channel.
Once the presentation finishes, we stop the recording and move to real-time conversations and a Q&A section under Chatham House rules, in order to keep a safe environment for the community to freely share their opinions and issues.
“One of the biggest challenges when preparing the 2021 agenda was to get used to the new platform used to host these meetings and find contributors to kick off the initiative. We keep improving the quality and experience of these meetings every month and thanks to the feedback received by the community, building new stuff for 2022”
AJ – OSPO Program Manager at TODO Group
The TODO Group places great importance on neutrality. That’s why this project (like the other TODO projects) is under an open governance model, to allow people from other organizations and peers across sectors to freely contribute and grow this initiative together.
OSPOlogy has a planning doc, governance guidelines, and a topic pool agenda to:
Propose new topics
Offer to be a moderator
Become speaker
“During the past months, we have been reaching out to other communities like FINOS, LF Energy, OpenChain, SPDX, or CHAOSS. These projects have become of vital importance to many OSPO activities (either for specific activities, such as managing Open Source Compliance & ISO Standards, measuring the impact of relevant open source projects or helping to overcome entry barriers for more traditional sectors, like finance or energy industry)”
OSPOlogy, along with the TODO Associates program, aims to bring together all these projects to introduce them to the OSPO community and drive insightful discussions. These are some of the topics proposed by the community for 2022:
How to start an OSPO within the Energy sector
How to start an OSPO within the Finance sector
Measuring the impact of the open source projects that matter to your organization
Open Source Compliance best practices through the lens of an OSPO
OSPOlogy is not just limited to LF projects and the TODO Community. Outside initiatives, foundations, or vendors that work closely with OSPOs and help the OSPO movement are also welcome to join.
We have just created a CFP form so people can easily add their OSPO topics for upcoming OSPOlogy sessions:
In order to propose a topic, interested folks just need to open an issue using the call for papers GitHub form.
Significant advancements and community shifts have occurred since (the year when TODO Group was formed) in the open source ecosystem and the way organizations advance in their open source journey. At that time, most of the OSPOs were gathered in the Bay Area and led by software companies, requesting to share limited information due to the uncertainty across this industry.
However, this early version of TODO is far behind what it (and OSPOs) represent in the present day.
With digital transformation forcing all organizations to be open source forward and OSPOs adopted by multiple sectors, the TODO Group is composed of a worldwide community of open source professionals working in collaboration to drive Open Source Initiatives to the next level.
It is well known that the TODO group members are also OSPO mentors and advocates who have been working in the open source industry for years.
At TODO group, we know the huge value these experienced OSPO leaders can bring to the community since they can help to pave the path for the new generation of OSPOs, cultivating the open source ecosystem. Two main challenges mark 2022:
Provide Structure and Guidance within the OSPO Industry based on the experience of Mature OSPO professionals across sectors and stages.
Collaborate with other communities to enhance this guidance
New OSPO challenges are coming, and new TODO milestones and initiatives are taking shape to help the OSPO movement succeed across sectors. You will hear news about TODO’s 2022 strategic goals and direction very soon!
Through LF Research, the Linux Foundation is uniquely positioned to create the definitive repository of insights into open source. By engaging with our community members and leveraging the full resources of our data sources, including a new and improved LFX, we’re not only shining a light on the scope of the projects that comprise much of the open source paradigm but contextualizing their impact. In the process, we’re creating both a knowledge hub and an ecosystem-wide knowledge network. Because, after all, research is a team sport.
Taking inspiration from research on open innovation, LF Research will explore open source amidst the challenges of the current era. These include challenges like the COVID-19 pandemic, climate risk, and accelerating digital transformation — all changing what it means to be a technology company or an organization that deeply relies on innovation. By publishing a new suite of research deliverables that aid in strategy formation and decision-making, LF Research intends to create shared value for all stakeholders in our community and inspire greater levels of participation in it.
The 2021 Linux Foundation Report on Diversity, Equity, and Inclusion in Open Source, produced in partnership with AWS, CHAOSS, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Red Hat, Renesas, and VMware, seeks to understand the demographics and dynamics concerning overall participation in open source communities and to identify gaps to be addressed, all as a means to advancing inclusive cultures within open source environments. This research aims to drive data-driven decisions on future programming and interventions to benefit the people who develop and ultimately use open source technologies. Enterprise Digital Transformation, Techlash, Political Polarization, Social Media Ecosystem, and Content Moderation are all cited as trends that have exposed and amplified exclusionary narratives and designs, mandating increased awareness, and recalibrating individual and organizational attention. Beyond the survey findings that identify the state of DEI, this research explores a number of DEI initiatives and their efficacy and recommends action items for the entire stakeholder ecosystem to further their efforts and build inclusion by design.
The Software Bill of Materials (SBOM) Readiness Survey (estimated release: Q1 2022), produced in partnership with the Open Source Security Foundation, OpenChain, and SPDX, is the Linux Foundation’s first project in a series designed to explore ways to better secure the software supply chains. With a focus on SBOMs, the findings are based on a worldwide survey of IT professionals who understand their organization’s approach to software development, procurement, compliance, or security. An important driver for this survey is the recent U.S. Executive Order on Cybersecurity, which focuses on producing and consuming SBOMs.
The Fourth Annual Open Source Program Management (OSPO) Survey, produced in collaboration with the TODO Group and The New Stack, examines the prevalence and outcomes of open source programs, including the key benefits and barriers to adoption.
The 2021 State of Open Source in Financial Services Report, produced in partnership with FINOS, Scott Logic, Wipro, and GitHub, explores the state of open source in the financial services sector. The report identifies current levels of consumption and contribution of open source software and standards in this industry and the governance, cultural, and aspirational issues of open source among banks, asset managers, and hedge funds.
The 2021 Data and Storage Trends Survey, produced in collaboration with the SODA Foundation, identifies the current challenges, gaps, and trends for data and storage in the era of cloud-native, edge, AI, and 5G.
The 9th Annual Open Source Jobs Report, produced in partnership with edX, provides actionable insights on the state of open source talent that employers can use to inform their hiring, training, and diversity awareness efforts.
By Arpit Joshipura, GM Networking and Edge, The Linux Foundation
As we wrap up the second year of living through a global pandemic, I wanted to take a moment to both look ahead to next year, as well as recognize how the open networking and edge industry has shifted over the past year. Read below for a list of what we can expect in 2022, as well as a brief “report card” on where my industry predictions from last year landed.
This will be enabled by Super Blueprints (which bring end-to-end open source projects together), and we’ll see more multi-org collaboration (e.g., Standards Bodies, Alliances, and Foundations) re-aggregating to solve common problems. Edge computing will serve as the glue that binds common IoT frameworks together across vertical industries.
Given that what started as a pandemic could become endemic, there will be an internal tussle between Realists (making money off of 4G), Engineers currently coding 5G, and Visionaries looking to 6G and beyond. (In other words, the cycle continues).
Collaboration among governments and other global organizations against “bad actors” will penetrate geopolitical walls to bring a global ecosystem together, via open source.
There is no longer a clear way to track Cloud, Telecom, Enterprise, and other markets individually. There is a big market realignment in progress, with new killer use cases.
Enabled by Open Source Software — many vertical industries will not even know (or care) how the pipe traverses across their last mile to central cloud and edges (led by Manufacturing, Retail, Energy, Healthcare & Automotive).
What did I miss? I would love to have your comments on LinkedIn.
Now let’s take a look at where my predictions from last year actually landed…
We could not imagine what was on the horizon ahead of us as we saw COVID peek its head in late 2019. Locally and globally, we’ve weathered many challenges, adjusted our sails, and applied new tools and approaches to continue our momentum. As we now approach 2022, our hopes aim even higher as we pursue new horizons and strengthen our established communities. We’re emerging stronger and better equipped to tackle these great challenges and your help has made it all possible.
Your willingness to engage in our local, virtual, and large-scale in-person events was invaluable. These meetings demonstrated that the bonds within our hosted communities and families of open source foundations remain strong. Thank you for coming back to the events and making them successful.
In 2021, we continued to see organizations embrace open collaboration and open source principles, accelerating new innovations, approaches, and best practices. Not only have we seen compelling new project additions this year, but these projects are bringing new organizations into our community. In 2021, the LF welcomed a new organization nearly every day.
As we look to 2022, we see a diverse and growing pipeline of new projects across open source and standards. We see new demand to guide and develop projects in 5G, supply chain security, open data, and open governance networks. Throughout the continuing challenges of 2021, we remain focused on open collaboration as the means for enabling the technologies and solutions of the future.
We thank our communities and members for your continued confidence in our ability to navigate a challenging business environment and your lasting and productive partnerships. We wish you prosperity and success in 2022.
Our yearly achievements would not be possible without the efforts of the Linux Foundation’s communities and members. Read our 2021 Annual Report here.
The post Thanking our Communities and Members, and Building Positive Momentum in 2022 appeared first on Linux Foundation.
In 2021, we continued to double down on our commitment to enact positive change for underrepresented and marginalized people by introducing new and progressing existing programs for inclusivity, racial justice, and diversity.
Unique ideas and contributions — that originate from a diverse community, from all walks of life, cultures, countries, and skin colors — are vital for building sustainable and healthy open source communities. Individuals from diverse backgrounds inject new and innovative ideas to advance an inclusive and welcoming ecosystem for all.
Creating diverse communities requires effort and commitment. The Linux Foundation is addressing the need to build inclusive and welcoming spaces through various initiatives, including some of those expanded upon below.
The Linux Foundation has put diversity, equity, and inclusion (DEI) at the top of its inaugural research agenda, and for a good reason. It is the social imperative of our time. New research identifies the state of DEI in open source communities, the challenges and opportunities within them, and draws conclusions around what initiatives are helpful and where we need to do more collectively.
Earlier this year, we engaged member organizations from the Linux Foundation Board to provide financial support for survey translation into ten different languages and enable further qualitative research to be conducted for a richer perspective. LF Research is grateful to AWS, CHAOSS, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Red Hat, Renesas, and VMware for their support and leadership in this important piece of research.
We are also grateful to the members of our community who participated in the DEI survey. In addition, more than two dozen individuals across the open source community participated in interviews with the research team adding further insight to the survey findings.
The research shows that while a majority of respondents feel welcome in open source, many in underrepresented communities do not. We hope that the data and insights that this project provides will be a catalyst for strengthening existing DEI initiatives and creating new ones.
Communities that adopt inclusive language and actions will be able to attract and retain individuals from diverse backgrounds. The Linux kernel community adopted inclusive language in the Linux 5.8 release, showing its commitment to Diversity and Inclusion.
For other projects, the Inclusive Naming Initiative launched at KubeCon North America to standardize inclusive language across the industry. It released a training course, LFC103: Inclusive Strategies for Open Source Communities, to support this.
We are also focusing on Science and Research to Advance Diversity and Inclusion in Software Engineering. Our new Software Developer Diversity and Inclusion (SDDI) project will draw on science and research to deliver resources and best practices in increasing diversity in software engineering.
The Open Hardware Diversity Alliance is a RISC-V incubating project with the mission of bringing together the open hardware community to provide programs, networking opportunities, and learning to encourage participation and support to the professional advancement of women and underrepresented individuals in open source hardware.
Creating diverse communities requires effort and commitment to creating inclusive and welcoming spaces. Recognizing that communities that adopt inclusive language and actions attract and retain more individuals from diverse backgrounds, the Linux kernel community adopted inclusive language in the Linux 5.8 release. Understanding if this sort of change has been effective is a topic of active research. The Diversity, Equity, and Inclusion Micro-Conference at Linux Plumbers Conference 2021 took the pulse of the Linux kernel community as it turned 30 this year and discussed some next steps. Experts from the DEI research community shared their perspectives and preliminary research with Linux community members.
A multifaceted discussion on various research topics related to diversity was informative. A few takeaways are:
Diversity spans geography, gender, and language.
Inclusive language efforts have to take language barriers into account.
Implicit and explicit mentoring efforts help attract developers from diverse backgrounds.
Mentoring programs with opportunity to work with experts are successful in attracting developers from diverse backgrounds.
The challenges to work on:
How do we retain new developers?
How do we evolve new developers into maintaining code?
As we look back at the year, the LFX Mentorship program will wrap 2021 with 23 new Linux kernel developers, 181 new open source developers across all LFX projects, and 5285 received applications. We started the LFX Mentorship program in 2019 with just three new developers, and we’ve come a long way since then.
The LF Mentorship program, with the help from the Event teams, reached out to Historically Black Colleges (HBCUs) and colleges with a larger number of Hispanic students before the Summer session and to all 2021 applicants to get feedback on the programs and platform.
We had limited success in attracting and selecting applicants from the first outreach, and the second one was successful. Here is what people had to say about what attracted them to our program:
The top two responses tied at 83%:
Ability to work 1:1 with experienced open source contributors.
Opportunity to experiment and ability to learn to contribute effectively to current open source projects.
The opportunity to facilitate jobs and internships came in second place with 55%, and paid opportunities came in third place at 49%.
The important takeaways are that the program offers the ability to work with experts and the opportunity to experiment. A few mentioned that the program’s emphasis on support for students and developers who are entirely new to open source is why they applied, aligning with the program’s goals and objectives.
Learn more about LFX Mentorships at https://lfx.linuxfoundation.org/tools/mentorship/
The LFX Mentorship program and the LF Events teams collaborated with 22 experts in the open source communities to provide unstructured self-learning resources under the LF Live Mentorship Series umbrella. The series provides expert knowledge and valuable interactive discussion across various topics related to the Linux Kernel and other OS projects, primarily development. We made these 22 webinars available for free, and we will conclude this year with two more. We thank all our mentors for taking the time to share their knowledge and expertise.
Let’s take a look at how these programs enable new developers to find jobs and career opportunities. You can read the stories of Linux Kernel Mentorship program graduates breaking the open source glass ceiling by Nithya Ruff and Jennifer Cloer.
We are also planning to reach out to all our graduates since the inception of this program in 2019. The goal is to see where their open source journeys took them after graduating, and we will share the results.
The LFX Mentorship and LF Events team collaborated on a Mentee Showcase to connect our graduates with prospective employers from our member companies. In this virtual event, mentees will share their accomplishments with others. There are plenty of open source jobs, and employers are looking for talent. Additionally, this event allows us to thank our mentors who share their knowledge to train new talent. Some of our mentors do this in their spare time without expectations. We are hoping to make this an annual event.
Recent Linux kernel community research confirmed the busy maintainer problem we have talked about for a couple of years. Next year, one area of focus is adding mentorship projects and webinars that provide resources to develop maintainer talent within open source communities.
As we talk about the stats and numbers, let’s not lose sight of the big picture. It’s all about:
Making a difference and empowering people by offering both structured and unstructured learning opportunities. We are paying them to learn and making the resources available for free and accessible to all.
Developing new talent and making the new talent available to the Linux ecosystem. Helping build communities to continue developing open source code to keep the Linux ecosystem healthy and sustainable.
In February of 2021, the Linux Foundation announced it would host seven Call for Code for Racial Justice projects, an initiative driven by IBM and Creator David Clark Cause to urge the global developer ecosystem and open source community to contribute to solutions that can help confront racial inequalities. These include two new cloud-based Solution Starter applications:
Fair Change is a platform to help record, catalog, and access evidence of potentially racially charged incidents to help enable transparency, reeducation, and reform as a matter of public interest and safety.
TakeTwo aims to help mitigate bias in digital content, whether overt or subtle, focusing on text across news articles, headlines, web pages, blogs, and even code.
In addition to the two new apps, the Linux Foundation now hosts five evolving open source projects from Call for Code for Racial Justice:
Five Fifths Voter: This web app empowers minorities to exercise their right to vote and helps ensure their voice is heard by determining optimal voting strategies and limiting suppression issues.
Legit-Info: Local legislation can significantly impact areas as far as jobs, the environment, and safety. Legit-Info helps individuals understand the legislation that shapes their lives.
Incident Accuracy Reporting System: This platform allows witnesses and victims to corroborate evidence or provide additional information from multiple sources against an official police report.
Open Sentencing: To help public defenders better serve their clients and make a stronger case, Open Sentencing shows racial bias in data such as demographics.
Truth Loop: This app helps communities understand the policies, regulations, and legislation that will most impact them.
The post Addressing Diversity, Equity, and Inclusion in 2021 and Beyond appeared first on Linux Foundation.
Eighty-two percent of respondents to global survey feel welcome in the open source community, while barriers to participation include time, personal background, and some exclusionary behaviors
SAN FRANCISCO, Calif., December 14, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the release of its latest LF Research study, “Diversity, Equity, and Inclusion in Open Source.”
The study, which includes the results of both qualitative interviews and a worldwide survey with more than 7,000 initial responses from the open source community, was created to increase the industry’s collective understanding of the state of Diversity, Equity, and Inclusion (DEI) in open source and to inform important DEI practices. The sponsors of this research include Amazon Web Services (AWS), CHAOSS Community, Comcast, Fujitsu, GitHub, GitLab, Hitachi, Huawei, Intel, NEC, Panasonic, Red Hat, Renesas, and VMware.
“The open source community is growing at an unprecedented pace and it’s imperative that we understand that growth in the context of diversity, equity, and inclusion so that we can collectively implement best practices that result in inclusive communities,” said Hilary Carter, Vice President of Research at the Linux Foundation. “The Diversity, Equity, and Inclusion in Open Source study gives us valuable insights that can lead to a more diverse global open source community.”
Study after study has revealed that diversity among technology builders leads to better, more robust technologies. But the industry continues to struggle with increasing diversity, and the open source software community is no exception. Building and sustaining inclusive communities can attract a more diverse talent pool and prioritize the next generation of open source technologies. The Linux Foundation’s Diversity, Equity, and Inclusion in Open Source study aims to identify the state of DEI in open source communities and the challenges and opportunities within them, and to draw conclusions around creating improvements in much-needed areas.
“Understanding data behind Diversity, Equity, and Inclusion in the open source community allows us to identify areas for focus and improvement. The open source community will greatly benefit from the actions we take to grow engagement and make it a welcoming place for everyone,” said Nithya Ruff, Comcast Fellow, Head of Comcast Cable Open Source Program Office, and Linux Foundation board chair.
Key findings from the study include:
Eighty-two percent of respondents feel welcome in open source, but different groups had different perspectives overall. The 18 percent of those that do not feel welcome are from disproportionately underrepresented groups: people with disabilities, transgender people, and racial and ethnic minorities in North America.
Increasing open source diversity reflects growing global adoption, but there is still much room to improve.
As the global adoption of open source technologies grows rapidly, so, too, does diversity within open source communities. But there remains a lot of room for growth: 82 percent of respondents identify as male, 74 percent identify as heterosexual, and 71 percent are between the ages of 25-54.
Time is a top determinant for open source participation
Time-related barriers to access and exposure in open source include discretionary and unpaid time, time for onboarding, networking, and professional development, as well as time zones.
Exclusionary behaviors can have a cascading effect on contributors’ experience and retention.
Exclusionary behavior has cascading effects on feelings of belonging, opportunities to participate, achieve leadership, and retention. While toxic experiences are generally infrequent, rejection of contributions, interpersonal tensions, stereotyping, and aggressive language are far more frequently experienced by certain groups (2-3 times higher frequency than the study average).
People’s backgrounds can impact equitable access to open source participation early in their careers, compounding representation in leadership later on.
Just 16 percent of students’ universities offer open source as part of their curricula. This, along with unreliable connectivity and geographic, economic, and professional disparities, narrows an individual’s opportunity to contribute.
“Understanding the state of Diversity, Equity, and Inclusion in the open source community is critical for business strategy and nurturing an inclusive culture,” said Demetris Cheatham, senior director, Diversity and Inclusion Strategy at GitHub. “This newest data, encompassing both qualitative and quantitative research from the Linux Foundation, helps direct our attention on the things that matter most to our employees and the great community and industry.”
The study also points to societal changes and trends that are impacting DEI in the workplace. Enterprise Digital Transformation, Techlash, Political Polarization, Social Media Ecosystem and Content Moderation are all cited as trends that have exposed and amplified exclusionary narratives and designs, mandating increased awareness, and recalibrating individual and organizational attention.
To download the complete study, please visit:
For more information on the Linux Foundation’s DEI initiatives, please visit: https://www.linuxfoundation.org/diversity-inclusivity/
About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 1,800 members, and the Linux Foundation is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
The post Linux Foundation Research Reveals New Open Source Diversity, Equity, and Inclusion Trends appeared first on Linux Foundation.