Welcome to the 5th edition of Open Source Matters: our regular publication about the latest happenings in open source! Let’s dive into the news.
The Open Source Security Foundation Lands $10M in Sponsorships
Last August, the Linux Foundation launched OpenSSF, an organization focused on supply chain security. Now, the Linux Foundation has announced that it has received $10M in sponsorships from a number of tech giants including Amazon, Facebook, Microsoft, Red Hat, Dell, JPMorgan Chase, and others. According to Sonatype, supply chain attacks have increased 650% in 2021. Concern about this reached the point where even the White House weighed in back in May, issuing a cybersecurity executive order aimed at improving cybersecurity among US interests. According to the OpenSSF, the funding will be used to provide education around secure coding practices, as well as to improve automation, prioritization, and remediation of open source software vulnerabilities.
SFC Sues Vizio Over Consumer Rights to GPL Code
The Software Freedom Conservancy (SFC) is a legal organization that defends open source software and licenses in court. They recently sued popular TV manufacturer Vizio over copyleft provisions in the GPLv2, which require all modifications to the code to be distributed whenever someone repackages and distributes the code.
The SFC accused Vizio of violating the GPL in SmartCast OS, the operating system used on its smart TVs. The SFC has a long history of bringing suits like this against major tech companies, but this one is different in one key respect: the SFC is suing Vizio as a consumer of its TVs. Historically, the SFC has focused on suits that protect the rights of the developers who built the software, i.e., the copyright holders, but it also believes consumers should be afforded the same rights as those developers. The SFC hopes to use this suit to establish case law that provides consumer protections as well, which has the potential to open the door for a wide range of future lawsuits against tech companies that violate the GPL.
MIT Releases an Open Source AI Platform for Developing New 3D Printing Materials
MIT has teamed up with BASF, a chemical company, to create an AI-driven process to help with the discovery of 3D printing materials. Named AutoOED (Automated Optimal Experiment Design), it can create hundreds of material iterations in the time it would take a chemist to do just a small number manually. Their goal is to increase the speed at which 3D printed materials can be invented and reduce material waste in the process.
New Open Source Projects We’re Watching
- ControlFlag – An automated debugging tool from Intel that uses machine learning to identify anomalous patterns in software and firmware code.
- ThreatMapper – A security tool from Deepfence that automatically scans, maps, and ranks cloud application vulnerabilities.
- Sysmon – The popular system monitoring tool for Windows has now been released as open source for Linux.
- Mariana Trench – A tool from Facebook that identifies and prevents security and privacy bugs in Android and Java applications.
- Ottr – Serverless public key infrastructure from Airbnb that handles end-to-end certificate rotations.
- NextArch Foundation – A new Linux Foundation initiative to develop a next-generation architecture that supports compatibility between microservices.
- SCENIC – A JAX library from Google that helps researchers build large-scale machine learning prototypes for computer vision.
- AWH-Geo – An atmospheric water harvester from Alphabet that produces clean water from air.