KubeCon + CloudNativeCon Highlights Security for Open Source

Vulnerabilities in the life cycle of open-source software development can start from tiny crumbs but grow into substantial issues.

Joao-Pierre Ruth

October 15, 2021


This week’s KubeCon + CloudNativeCon North America in-person and virtual conference put security for open-source development back in the spotlight while also talking up cloud native’s rapid rise.

Priyanka Sharma, general manager of the Cloud Native Computing Foundation (CNCF), the event host; Jim Zemlin, executive director of the Linux Foundation; and Brian Behlendorf, general manager of the Open Source Security Foundation (OpenSSF), spoke to analysts and press about the trajectory and scale of cloud native adoption. They also presented ways their teams aim to address the security dilemmas tied to open-source development in this space.

Sharma said the CNCF, a branch of the Linux Foundation, includes some 114 projects, with more than 138,000 individual contributors from more than 86 countries. The growth of CNCF is naturally tied to the increased appetite for cloud native development and deployment among organizations. “Things are moving really fast for our ecosystem,” she said. “Every company is becoming a technology company and they’re adopting the paradigm of cloud native.”

Open-source cloud native projects that are incubated, graduated, and approved by the CNCF are ready for enterprise use in production at any scale, Sharma said. “We think they are going to help every company out there with their deployments and workloads.”

The pace of open-source development continues to accelerate, Zemlin said, finding its way into most technology products or services. “Open source now, 30 years into Linux, is the dominant form of how software gets developed,” he said. “It really makes up the bulk of any modern application.”

Open source has driven innovation and fostered efficiency in digital transformation, Zemlin said. It lets organizations focus on proprietary code that is their “secret sauce” for the most vital business needs, he said, while using open frameworks as building blocks for the rest.

Securing open-source code

Big challenges remain ahead for open innovation communities, Zemlin said, so the Linux Foundation raised an additional $10 million for the Open Source Security Foundation, which is rounding out its first year of operation. “We think cybersecurity is one of the most immediate challenges in open source that can be pretty systematically addressed; it will never be perfectly solved,” he said.

Read the rest of this article on InformationWeek.

About the Author(s)

Joao-Pierre Ruth

Joao-Pierre S. Ruth has spent his career immersed in business and technology journalism, first covering local industries in New Jersey, later as the New York editor for Xconomy delving into the city's tech startup community, and then as a freelancer for such outlets as TheStreet, Investopedia, and Street Fight. Joao-Pierre earned his bachelor's in English from Rutgers University. Follow him on Twitter: @jpruth.
