Get the highlights in your inbox every week.
New software service for the supply chain, fuzzing Java, and more | Opensource.com
New software service for the supply chain, fuzzing Java, and more
A look at current open source community and industry trends.
As part of my role as a principal communication strategist at an enterprise software company with an open source development model, I publish a regular update about open source community, market, and industry trends. Here are some of my and their favorite articles from that update.
Without standardization, securing the software supply chain will be almost impossible. It's sigstore backers' hope that they can fix these issues. The goal is worth the effort. As Josh Aas, executive director of the Internet Security Research Group (ISRG) and Let's Encrypt, said "Securing a software deployment ought to start with making sure we're running the software we think we are. Sigstore represents a great opportunity to bring more confidence and transparency to the open-source software supply chain."
The impact: One of the core promises of open source is that "with enough eyes, all bugs are shallow," which is a claim that has been made for the security of the software as well. This effort (and others like it) represent an industry-wide approach to backing up that claim.
OSS-Fuzz has found more than 25,000 bugs in open source projects using fuzzing. We look forward to seeing how this technique can help secure and improve code written in JVM-based languages.
The impact: It is exciting to see what might have been an extra step in the development process being made easy and integral early on.
“Linaro’s goal is to empower the Arm ecosystem, making it easier for those with a need for a binary toolchain to have access before an official release", said Mike Holmes, Director of Foundation Technologies at
Linaro. “By having access to the monthly GNU Toolchain integration builds, developers can feel more confident that their system will be stable against the future full release.”
The impact: This should be an accelerant for developing the ARM ecosystem, which already seems to be growing by leaps and bounds.
Kubernetes is one of the most popular choices for container management and automation today. A highly efficient Kubernetes setup generates innumerable new metrics every day, making monitoring cluster health quite challenging. You might find yourself sifting through several different metrics without being entirely sure which ones are the most insightful and warrant utmost attention. As daunting a task as this may seem, you can hit the ground running by knowing which of these metrics provide the right kind of insights into the health of your Kubernetes clusters. In this article, we take you through a few Kubernetes health metrics that top our list.
The impact: It's not enough to see the forest for the trees; you need to see the forest and the trees. Kubernetes = forest; health metrics = trees.
I hope you enjoyed this list and come back next week for more open source community, market, and industry trends.