All Posts By

ciilf

Linux Foundation’s Core Infrastructure Initiative Issues Call for Grant Proposals

By Announcements

CII aims to extend funding to other, critical and underfunded projects

DUSSELDORF, Germany, LinuxCon and CloudOpen, October 13, 2014 – The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund critical open source projects that are in need of assistance, today issued a call for new grant proposals for open source projects seeking industry support.

While there are not formal requirements for proposals, grant requests should describe the history of the project, how it represents core Internet infrastructure and how the project would benefit from funding for developers, code audits or other measures. Grant proposals can be submitted on an ongoing basis. Decisions are made by CII’s twenty-member steering group, which is informed by an esteemed Advisory Board of community and industry experts.

CII earlier this year made initial grants to OpenSSL, NTP and OpenSSH. These grants have been used for code audits, hiring more developers and providing infrastructure.

“Our initial grants to OpenSSL, NTP and OpenSSH are already helping those core projects we all rely on,” said Linux Foundation Executive Director Jim Zemlin. “CII is now ready to expand the positive impact we hope to have on more open source projects that are critical to the Internet’s infrastructure.”

Grants proposals may be made online at https://www.linuxfoundation.org/programs/core-infrastructure-initiative

The members of the CII are Adobe, Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, HP, Hitachi, Huawei, IBM, Intel, Microsoft, NEC, NetApp, Qualcomm, Rackspace, salesforce.com and VMware.

About The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.

The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. OpenDaylight is a trademark of the OpenDaylight Project, Linux is a trademark of Linus Torvalds

# # #

Core Infrastructure Initiative Adds New Members to Fund and Support Critical Open Source Projects

By Announcements

The Linux Foundation’s CII adds Hitachi and NEC to roster of companies working to identify and fund open source projects in need of assistance

Chicago, Ill. LINUXCON & CLOUDOPEN, August 20, 2014 – The Core Infrastructure Initiative (CII), a project hosted by The Linux Foundation that enables technology companies, industry stakeholders and esteemed developers to collaboratively identify and fund open source projects that are in need of assistance, today announced new backers. Hitachi and NEC will work with existing CII members to collaboratively identify and support the critical infrastructure projects most in need of support.

These newest backers join other members of CII who include Adobe, Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, HP, Huawei, IBM, Intel, Microsoft, NetApp, Rackspace, salesforce.com and VMware. Comments from the newest members are included below.

“Hitachi and NEC are prioritizing support for some of the world’s most important open source projects and will help the industry move from crisis-driven responses to a measured, proactive approach to funding projects that are most in need,” said Jim Zemlin, executive director at The Linux Foundation. “Open source projects are the foundation for most of today’s global infrastructure and need be supported by the companies and users who rely on them.”

CII provides funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support. The Steering Committee, comprised of members of the Initiative, and the Advisory Board of industry stakeholders and esteemed developers, are tasked with identifying underfunded open source projects that support critical infrastructure and administering the funds through The Linux Foundation.

Projects currently receiving funding include Network Time Protocol, Open Crypto Audit Project (OCAP), OpenSSH and OpenSSL. Other projects are under consideration and will be funded as assessments are completed and budget allows.

The Advisory Board includes Linux kernel developer Alan Cox; security and cryptography researcher Matthew Green; Radio Free Asia’s Open Technology Fund Director Dan Meredith; professor of law and legal history at Columbia University and founder of Software Freedom Law Center Eben Moglen; Fellow at the Berckman Center for Internet & Society at Harvard Law School Bruce Schneier; Program Officer for Human Rights for MacArthur Foundation; Eric Spears; and Linux kernel developer Ted Ts’o.

The computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support commensurate with their importance. CII changes funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects. By raising funds at a neutral organization like The Linux Foundation, the industry can effectively give these projects the support they need while ensuring that open source projects retain their independence and community-based dynamism.

Hitachi

“The Core Infrastructure Initiative is going to address the needs in today’s software industry – a neutral, collaborative project that allows companies to support the work of today’s most critical open source projects,” said Susumu Okuhara, General Manager of Service Development Operation, IT Platform R&D Management Division, Hitachi. “We’re proud to be a part of this group and look forward to the impact it can have on the long-term health of our global infrastructure.”

NEC

“NEC has long valued Linux and open source software and supported their development,” said Naoki Hashitani, vice president, NEC. “CII gives us the opportunity to extend the support to open source projects and developers who might not be funded or supported if there were not initiatives like CII.”

Anyone can donate to the Core Infrastructure Initiative fund. To join or donate or find out more information about the Core Infrastructure please visithttps://www.linuxfoundation.org/programs/core-infrastructure-initiative

Additional Resources

News Release: Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects

News Release: The Linux Foundation’s Core Infrastructure Initiative Announces New Backers, First Projects to Receive Support and Advisory Board Members

About The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.

The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. OpenDaylight is a trademark of the OpenDaylight Project, Linux is a trademark of Linus Torvalds

# # #

Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects

By Announcements

Newly formed Core Infrastructure Initiative is the industry’s collective response to the Heartbleed crisis

SAN FRANCISCO, April 24, 2014 – The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful. Founding backers of the Initiative include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation.

The first project under consideration to receive funds from the Initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests.

The Core Infrastructure Initiative is a multi-million dollar project organized by The Linux Foundation to fund open source projects that are in the critical path for core computing and Internet functions. Galvanized by the Heartbleed OpenSSL crisis, the Initiative’s funds will be administered by The Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. Support from the initiative will include funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support.

“We are expanding the work we already do for the Linux kernel to other projects that may need support,” said Jim Zemlin, executive director of The Linux Foundation. “Our global economy is built on top of many open source projects. Just as The Linux Foundation has funded Linus Torvalds to be able to focus 100% on Linux development, we will now be able to support additional developers and maintainers to work full-time supporting other essential open source projects. We are thankful for these industry leaders’ commitment to ensuring the continued growth and reliability of critical open source projects such as OpenSSL.”

“Maintaining the health of the community projects that produce software critical to the security and safety of Internet commerce is in everyone’s interest,” said Professor Eben Moglen of Columbia Law School, Founding Director of the Software Freedom Law Center. “The Linux Foundation, and the companies joining this Initiative, are enabling these dedicated programmers to continue maintaining and improving the free and open source software that makes the Net work safely for us all. This is business and community collaboration in the public interest, and we should all be grateful to The Linux Foundation for making it happen.”

Open source historically has produced high quality and highly secure software. For instance, the most recent Coverity Open Scan study of software quality has shown that open source code quality surpasses proprietary code quality. But as all software has grown in complexity  –  with interoperability between highly complex systems now the standard – the needs for developer support has grown.

Similarly, the computing industry has increasingly come to rely upon shared source code to foster innovation. But as this shared code has become ever more critical to society and more complex to build and maintain, there are certain projects that have not received the level of support to commensurate with their importance. For instance, the OpenSSL project has in past years received about $2,000 per year in donations. The Core Infrastructure Initiative will change funding requests from the reactive post-crisis asks of today to proactive reviews identifying the needs of the most important projects. By raising funds at a neutral organization like The Linux Foundation, the industry will effectively give these projects the support they need while ensuring that open source projects retain their independence and community-based dynamism.

Anyone can donate to the Core Infrastructure Initiative fund. To join or donate or find out more information about the Core Infrastructure please visithttps://www.linuxfoundation.org/programs/core-infrastructure-initiative

Founding Member Comments

Amazon Web Services

“Open source software is important to organizations like AWS that deliver secure Internet experiences and services for customers,” said Steve Schmidt, Chief Information Security Officer, Amazon Web Services, Inc.  “We are pleased to be part of the Core Infrastructure Initiative and to work with the Linux Foundation to foster continued innovation and security in key open source projects that can benefit us all.”

Cisco

“By creating the Core Infrastructure Initiative, the Linux Foundation has once again stepped up to the challenge of supporting open source projects at the heart of today’s Internet,” said Colin Kincaid, VP Product Management and Architecture, Cisco. “Supporting dedicated open source collaborators and contributors is vital to the success and growth of innovation.”

Dell

“Protecting and supporting the work of open source developers and the projects that provide the underpinning of the world’s technology infrastructure is of the highest priority,” said Don Ferguson, Software CTO and Sr. Fellow, Dell. “The Core Infrastructure Initiative gives the industry a way to do this effectively. We are proud to be involved in this very important work.”

Facebook

“Open source software makes today’s computing infrastructure possible. Facebook is excited to support these projects and the developers who maintain them. This initiative will help ensure that these core components of internet infrastructure get the assistance they need to respond to new threats and to reach new levels of scale,” said Doug Beaver, Engineering Director of Traffic & Edge, Facebook.

Fujitsu

“In the nearly two decades that Fujitsu has actively supported Linux, we have gained an understanding that open source software is an essential element of today’s computing infrastructure,” said Takashi Fujiwara, Head of Platform Software Business Unit, Fujitsu Limited. “We are keen to participate in the Core Infrastructure Initiative as it will enable us to more easily support critical open source projects and key developers of the world’s most important code.”

Google

“Google has been a longtime supporter of the Linux Foundation and open source in general, so we’re proud to join the Core Infrastructure Initiative. We believe that an open-source approach to online security will ensure that code is constantly improving, making the web a safer place for us all,” said Chris DiBona, Director of Engineering for Open Source at Google.

IBM

“The Linux Foundation is well positioned to manage this initiative to improve security for the open source community,” said Hira Advani, IBM Software Group Chief Security Compliance Officer. “IBM has a long history of supporting open source standards and thousands of IBM researchers, programmers and engineers around the world are contributing to this community. We look forward to working with the foundation and other founding members of the Core Infrastructure Initiative to better enable the open source community to meet the evolving needs of businesses and governmental organizations.”

Intel

“Intel is committed to support the development of open source technology and Linux,” said Imad Sousou, Intel vice president and general manager of the Intel Open Source Technology Center. “As an active and long term contributor to open source community, Intel believes the Core Infrastructure Initiative can help provide long term, sustainable support to Linux, the world’s most important open source standard.”

Microsoft

“Security is an industry-wide concern requiring industry-wide collaboration. The Core Infrastructure Initiative aligns with our participation in open source and the advancement of secure development across all platforms, devices and services.” – Steve Lipner, partner director of software security, Microsoft.

NetApp

“We are pleased to support the important and timely Core Infrastructure Initiative, along with our industry partners,” said Dan Neault, Senior Vice President, Datacenter Solutions, NetApp. “Computer security is of paramount importance to our industry, and our participation reflects NetApp’s commitment to the open source community and the software that we each rely on every day in our business and personal lives.”

Rackspace

“We believe the Core Infrastructure Initiative will improve the security of the Internet,” said John Engates, CTO, Rackspace. “Open source code powers everything we do online. We look forward to working with the Linux Foundation, our other company partners, and the open source community to make sure these projects get the support they need.”

VMware

“The Core Infrastructure Initiative is critical. The new model of computing involves a set of choices for customers – on premise, off premise, hybrid – and we must ensure the safety and security across all of those environments,” commented Ray O’Farrell, senior vice president, Cloud Infrastructure R&D, VMware. “We welcome the opportunity to support and contribute to the success of open source and are eager to participate in the Core Infrastructure Initiative.”

About The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.

The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium.OpenDaylight is a trademark of OpenDaylight Project. Linux is a trademark of Linus Torvalds.

# # #

Deep Dive on CII’s Best Practices Badge Program on Linux.com

By Blogs

Earlier this month, we announced the Core Infrastructure Initiative (CII) Best Practices Badges Program, a free program that seeks to determine security, quality and stability of open source software.

We received many inquiries from interested companies and developers for additional information about the CII badge program after its launch. Addressing the program’s most pressing questions on Linux.com are Emily Ratliff, senior director of infrastructure security at The Linux Foundation and Dr. David Wheeler, open source and security research expert.

Determining software security is an industry-wide challenge for both proprietary and open source. The CII Best Practices Badge Program addresses this challenge by helping projects determine if they meet open source best practices quickly (generally, in less than an hour) and through a trusted source. Projects displaying a CII badge showcase the project’s commitment to security.

Read the Q&A here.