Jim Zemlin sits down with Stu Miniman & John Furrier at Open Source Summit 2017 in Los Angeles, CA
#OSSummit #theCUBE
https://siliconangle.com/2017/09/12/wake-equifax-breach-linux-foundation-unveils-open-source-chaoss-ossummit/
In wake of Equifax breach, Linux Foundation unveils open source CHAOSS
“An unmanageable mess” is how Paul Gillin, senior editor for Wikibon Inc. and SiliconANGLE Media Inc., described the open-source software community last year. Both proprietary legacies and open-source-native companies have since tried to bring order to the confusion. Now, the open-source community has resolved to pull itself together.
“We take seriously that that code runs modern society,” said Jim Zemlin (pictured), executive director at The Linux Foundation. “It keeps us private — or doesn’t, as we saw with Equifax hack, which was a CVE [Common Vulnerabilities and Exposures ID] and an open-source project.”
Equifax itself has blamed open-source Apache Struts software for last week’s breach, which affected at least 143 million people.
Zemlin spoke with John Furrier (@furrier) and Stu Miniman (@stu), co-hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during this week’s Open Source Summit in Los Angeles. (* Disclosure below.)
Codies
In the nick of time, open-source leaders have joined forces on Community Health Analytics for Open-Source Software, or CHAOSS, a new Linux Foundation project announced on September 11. The project provides transparency and health and security metrics for open-source projects, Zemlin explained.
“If you don’t have a healthy project, you kind of don’t want to bet your company on this project by using it in a production system,” Zemlin said.
CHAOSS will monitor open-source project health on a number of levels, including:
How many developers are contributing?
Are there code-quality metrics that could be looked at?
Do they have security practices, like a responsible disclosure policy and a security mailing list?
Have they recently fuzzed (tested) their code?
For anyone unsure, the role Linux plays in open source can be clearly seen in CHAOSS, according to Zemlin. “We are the roadies, the supporting cast, the plumbers and the janitors of the system,” he said. “The real rock stars are the developers.”
However, these menial aids and assists might save coders a breach affecting 143 million people and a high-profile slamming in the press. “Throw your code up on GitHub — you don’t need The Linux Foundation, right? Why do we even exist? The answer is to do things like [CHAOSS],” Zemlin concluded.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Open Source Summit 2017. (* Disclosure: TheCUBE is a paid media partner for Open Source Summit 2017. Neither The Linux Foundation nor Red Hat Inc. has editorial control over content on theCUBE or SiliconANGLE.)