KubeCon + CloudNativeCon Highlights Security for Open Source

Vulnerabilities in the life cycle of open-source software development can start from tiny crumbs but grow into substantial issues.

Joao-Pierre Ruth

October 15, 2021

2 Min Read
KubeCon + CloudNativeCon Highlights Security for Open Source
(Source: Pixabay)

This week’s KubeCon + CloudNativeCon North America in-person and virtual conference put security for open-source development back in the spotlight while also talking up cloud native’s rapid rise.

Pryanka Sharma, general manager of the Cloud Native Computing Foundation (CNCF), the event host; Jim Zemlin, executive director of the Linux Foundation; and Bryan Behlendorf, general manager of the Open Source Security Foundation (OpenSSF), spoke to analysts and press about the trajectory and scale of cloud native adoption. They also presented ways their teams aim to improve the security dilemmas tied to open-source development in this space.

Sharma said the CNCF, a branch of the Linux Foundation, includes some 114 projects, with more than 138,000 individual contributors from more than 86 countries. The growth of CNCF is naturally tied to the increased appetite for cloud native development and deployment among organizations. “Things are moving really fast for our ecosystem,” she said. “Every company is becoming a technology company and they’re adopting the paradigm of cloud native.”

Open-source cloud native projects that are incubated, graduated, and approved by the CNCF, are ready for enterprise use in production at any scale, Sharma said. “We think they are going to help every company out there with their deployments and workloads.”

The pace of open-source development continues to accelerate, Zemlin said, finding its way into most technology products or services, “Open source now, 30 years into Linux, is the dominant form of how software gets developed,” he said. “It really makes up the bulk of any modern application.”

Open source has driven innovation and fostered efficiency in digital transformation, Zemlin said. It lets organizations focus on proprietary code that is their “secret sauce” for the most vital business needs, he said, while using open frameworks as building blocks for the rest.

Securing open-source code

Big challenges remain ahead for open innovation communities, Zemlin said, so the Linux Foundation raised an additional $10 million for the Open Source Security Foundation, which is rounding out its first year of operation. “We think cybersecurity is one of the most immediate challenges in open source that can be pretty systematically addressed; it will never be perfectly solved,” he said.

Read the rest of this article on InformationWeek.

About the Author(s)

Joao-Pierre Ruth

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism first covering local industries in New Jersey, later as the New York editor for Xconomy delving into the city's tech startup community, and then as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight. Joao-Pierre earned his bachelor's in English from Rutgers University. Follow him on Twitter: @jpruth.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights