Welcome to the 7th edition of Open Source Matters: our regular publication about the latest happenings in open source! Let’s dive into the news.
The White House Convenes Meeting of Open Source Security Experts
It seems that not a single day passes by without news about the importance of software security. Given the tech industry’s immense dependence on open source software, it’s no surprise that open source projects are routinely the focus of attention. Log4j, cURL, Faker.js, OpenSSL: the list of open source projects that have fallen victim to major security breaches or maintainer burnout continues to grow.
To address this, the Biden administration brought together a group of leading open source experts from governmental agencies and the private sector to discuss three major topics:
- Preventing security defects and vulnerabilities in code and open source packages;
- Improving the process for finding defects and fixing them;
- Shortening the response time for distributing and implementing fixes.
Solutions include making it easier for developers to integrate security features into their code, securing the infrastructure used to build and distribute code, and using digital identities and code signing to improve reliability. You can find more details in Google’s response to the meeting.
DevToys: The Swiss Army Knife for Developers
DevToys is a new open source project from Microsoft that provides valuable tools for software developers. It includes tools to convert popular formats like JSON and YAML, encoders/decoders for HTML and Base64, hash generators, regex testing, Markdown preview, image compression, and many more tools to make the lives of developers much more effortless. It can even auto-detect the contents of your clipboard and automatically recommend the appropriate tool for the job.
One of the project’s creators stated that they were impressed with the developer tools available on other platforms like macOS and Linux. They wanted to replicate that experience for developers who work on Windows. It’s currently only available on Windows, but the community may also expand support to other platforms. Check out the code on GitHub.
Other Open Source News
Here are some other stories we’re following from around the web.
GnuPG Gains a Steady Source of Income From a New Business Venture
In recent years, open source funding has been a hot topic that has only gained momentum. GnuPG is a widespread open source implementation of the OpenPGP standard that enables users to encrypt data and communications using a private hash key. They recently announced that they’ve launched a new business venture that provides financial stability to the project maintainers. You can find out more about their business here.
Arduino’s Annual Open Source Report
Every year, Arduino releases a report about the state of its open source community and the extensive collection of hardware and software projects that make up its ecosystem. Here are some of the more interesting updates from this year’s report:
- Four new hardware devices for tasks including IoT connectivity and motor control
- Version 2 of the Arduino IDE that improves user experienc with features like autocompletion, code navigation, better debugging tools and an improved serial plotter
- A command line tool to lint Arduino code
- New GitHub Actions to autocompile code and provide quicker insight into errors, warnings, and memory impact
- The ecosystem grew by 896 new supporting libraries, 6,005 new library versions, and 326 tutorials
Check out the full report for more information.
New Open Source Projects
Here are some new open source projects that caught our attention:
- NeuVector – A lifecycle container security platform from Suse
- vAPI – An educational sandbox to help developers learn about API security
- Evolution Gym – A benchmark tool for robots that helps with optimization and design.
- DeepNull – A model for non-linear covariate effects to help improve phenotype prediction and association power in genomic studies.
- Ripple – An Open API standard to enable hardware/software interoperability and grow general purpose radar applications.