• Partnership enables acceleration of innovation, collaboration, and US competitiveness in areas of 5G, Edge, IOT, AI and Security

• New umbrella organization at the Linux Foundation, US GOV OPS, to host first project, OPS 5G (Open Programmable, Secure), to accelerate 5G, Edge & IoT technologies creation and deployment

• Open Ecosystem efforts aligns on a common open source architecture and set of open source projects and focuses on integrations and enhancements to the secure open source end to end 5G stack.

• Effort leverages the existing networking open source projects and community efforts at the Linux Foundation and industry disruptions like disaggregation, SDN/NFV, and cloud native. 

SAN FRANCISCO –  February 17, 2021 – The Linux Foundation (LF), the nonprofit organization enabling mass innovation through open source, today announced it has signed a collaboration agreement with the  Defense Advanced Research Projects Agency (DARPA) to create open source software that accelerates United States government technology research and development innovation.

Under the agreement, DARPA and the LF will create a broad collaboration umbrella (US Government Open Programmable Secure (US GOV OPS) that allows United States Government projects, their ecosystem, and open community to participate in accelerating innovation and security in the areas of 5G, Edge, AI, Standards, Programmability, and IOT among other technologies. The project formation encourages ecosystem players to support US Government initiatives to create the latest in technology software.

The project will launch as a standard open source project with neutral governance and a charter similar to other projects within the Linux Foundation. Additionally, the agreement enables collaboration with upstream and downstream communities such as LF Networking, LF Edge, and Zephyr, among others, to build on a secure code base for use by the US Government.

“DARPA’s use of open source software in the Open Programmable Secure 5G (OPS-5G) program leverages transparency, portability and open access inherent in this distribution model,” said Dr. Jonathan Smith, DARPA Information Innovation Office Program Manager. “Transparency enables advanced software tools and systems to be applied to the code base, while portability and open access will result in decoupling hardware and software ecosystems, enabling innovations by more entities across more technology areas.” 

“We are eager to ally with DARPA and its intent to accelerate secure, open source innovation and US competitiveness across breakthrough technologies,” said Arpit Joshipura, general manager, Networking, Edge, & IOT, the Linux Foundation. “This partnership enables transformational change across open software and systems, leveraging the best shared resources across the ecosystem.” 

The new US GOV OPS umbrella will include the Open Programmable Secure- 5G (OPS-5G) program as its first project, currently in formation with the help of DARPA, the US Navy and additional performers. The goal of OPS-5G is to create open source software and systems enabling secure end to end 5G and follow-on mobile networks. OPS-5G will create capabilities to address feature velocity in open source software, mitigating large scale Botnet of Things (BoT), network slicing on suspect gear, and adaptive adversaries operating at scale.

DARPA’s Dr. Jonathan Smith will be presenting at the upcoming Open Networking and Edge Executive Forum (ONEEF) a virtual event taking place March 10-12. This special Executive Edition of Open Networking & Edge Summit, the industry’s premier open networking & edge computing event, will feature executive leadership across the networking and edge ecosystems sharing their visions with a global audience in the Telco, Cloud and Enterprise verticals.

To learn more about US GOV OPS and OPS-5G, please visit www.usgovops.org.      

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

The post DARPA and the Linux Foundation Create Open Software Initiative to Accelerate US R&D Innovation, 5G End to End Stack appeared first on Linux Foundation.

USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This
update provides the corresponding update for Ubuntu 14.04 ESM.

It was discovered that wpa_supplicant did not properly handle P2P
(Wi-Fi Direct) group information in some situations, leading to a
heap overflow. A physically proximate attacker could use this to cause a
denial of service or possibly execute arbitrary code. (CVE-2021-0326)

It was discovered that hostapd did not properly handle UPnP subscribe
messages in some circumstances. An attacker could use this to cause a
denial of service. (CVE-2020-12695)

Today, the Linux Foundation announced that Renesas’ Hisao Munakata has been re-elected to its board, representing the Gold Member community. GitLab’s Eric Johnson has been elected to represent the Silver Member community. Linux Foundation elected board directors serve 2-year terms.

Directors elected to the Linux Foundation’s board are committed to building sustainable ecosystems around open collaboration to accelerate technology development and industry adoption. The Linux Foundation expands the open collaboration communities it supports with community efforts focused on building open standards, open hardware, and open data. It is dedicated to improving diversity in open source communities and working on processes, tools, and best security practices in open development communities. 

Hisao Munakata, Renesas (Gold Member)

Renesas is a global semiconductor manufacturer that provides cutting-edge SoC (system-on-chip) devices for the automotive, industry, and infrastructure. As open source support became essential for the company, Munakata-san encouraged Renesas developers to follow an “upstream-first” scheme to minimize gaps from the mainline community codebase. The industry has now accepted this as standard practice, following Renesas’ direction and pioneering work. 

Munakata-san has served as an LF board director since 2019 and has reflected the voice from the embedded industry. 

Renesas, which joined the Linux Foundation in 2011, has ranked in the top twelve kernel development contributor firms in the past 14 years. Munakata-san serves pivotal roles in various LF projects such as the AGL (Automotive Grade Linux) Advisory Board, Yocto Project Advisory Board, Core Embedded Linux Project, and OpenSSF. In these roles, Munakata-san has supported many industry participants in these projects to achieve harmony. 

As cloud-native trends break barriers between enterprise and embedded systems, Munakata-san seeks to improve close collaboration across the industry and increase contribution from participants in the embedded systems space, focusing on safety in a post-COVID world.

Eric Johnson, GitLab (Silver Member)

Eric Johnson is the Chief Technology Officer at GitLab, Inc. — the first single application for the DevSecOps lifecycle. GitLab is a free, open core software used by more than 30 million registered users to collaborate, author, test, secure, and release software quickly and efficiently. 

At GitLab, Eric is responsible for the organization that integrates the work of over a hundred external open source contributors into GitLab’s codebase every month. During his tenure Eric has contributed to a 10x+ increase in annual recurring revenue and has scaled Engineering from 100 to more than 550 people while dramatically increasing team diversity in gender, ethnicity, and country-of-residence. He’s also helped turn GitLab, Inc. into one of the most productive engineering organizations in the world, as evidenced by their substantial monthly on-premise releases.

Eric is also a veteran of 4 previous enterprise technology startups in fields as varied as marketing technology, localization software, streaming video, and commercial drone hardware/software. He currently advises two startups in the medical trial software and recycling robotics industries. 

Eric brings his open source and Linux background to the Foundation. In his professional work, he has spent 17 years hands-on or managing teams that develop software that runs on Linux systems, administrating server clusters, orchestrating containers, open-sourcing privately built software, and contributing back to open source projects. Personally, he’s also administered a Linux home server for the past ten years.

As a Linux Foundation board member, Eric looks forward to using his execution-focused executive experience to turn ideas into results. Collaboration with the Linux Foundation has already begun with Distributed Developer ID and Digital Bill of Materials (DBoM). As a remote work expert with years of experience developing best practices, Eric will use his expertise to help the board, the Foundation, and its partners become more efficient in a remote, asynchronous, and geographically distributed way.

The post The Linux Foundation Announces the Election of Renesas’ Hisao Munakata and GitLab’s Eric Johnson to the Board of Directors appeared first on Linux Foundation.

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, or execute arbitrary code. (CVE-2020-26976,
CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964)

It was discovered that responses received during the plaintext phase of
the STARTTLS connection setup were subsequently evaluated during the
encrypted session. A person in the middle could potentially exploit this
to perform a response injection attack. (CVE-2020-15685)