Linux Foundation Adds Software Supply Chain Security To LFX (zdnet.com)
An anonymous reader quotes a report from ZDNet: "LFX supports projects and empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says. Now, to address the growing threat of software supply chain attacks, the foundation is upgrading its LFX Security module to deal with these attacks. Jim Zemlin, the Linux Foundation's executive director, announced this new tooling today at the Linux Foundation Membership Summit.
Enhanced and free to use, LFX Security makes it easier for open source projects to secure their code. Specifically, the LFX Security module now includes automatic scanning for secrets-in-code and non-inclusive language, adding to its existing automated vulnerability detection capabilities. Software security firm BluBracket is contributing this functionality to the LFX as part of its mission to make software safer and more secure. This functionality builds on contributions from open source developer security company Snyk, helping make LFX the leading vulnerability detection platform for the open source community. [...] LFX Security will be further scaled out in 2022, helping to solve challenges for hundreds of thousands of critical open source projects under the Open Source Security Foundation. LFX Security is free and available now.
I'm sooo happy (Score:5, Funny)
I always felt the need to be protected from non-inclusive language.
non-inclusive language (Score:5, Interesting)
Also what is it, who defines it?
Are people who use it excluded?
Re: (Score:2, Insightful)
Anything an LGBTQ SJW identifies as assault is assault, according to them, including using the words "master" and "slave" to describe a database relationship.
Re: (Score:2)
Isn't excluding "master" offensive to the BDSM community?
Wasted effort. (Score:4, Insightful)
Worrying about "non-inclusive language" removes attention from actual security problems. I'm pretty sure this exact argument caused people to get booted out of the Linux Foundation, but it doesn't make it less true.
Jumping the shark? (Score:3, Insightful)
"...empowers open source teams by enabling them to write better, more secure code, drive engagement, and grow sustainable software ecosystems," the Linux Foundation says.
When I read buzzwords and phrases such as "empowers", "enabling", "drive engagement", and "grow sustainable software ecosystems"... well damn, I just realized that 'sentence' is almost entirely composed of empty and meaningless bullshit. It sounds like some HR twat market-droid wannabe (or some market-droid twat HR wannabe) is verbally jerking off. When I hear that crap from a non-profit foundation devoted to Open Source and Free Standards, I fear that co-option by the private sector might not be far behind.
Re:Jumping the shark? (Score:4, Informative)
The Linux Foundation jumped the shark long ago. Most 'initiatives' are just letting various companies give them money to use Linux Foundation owned brands for their marketing purposes. They used to focus on initiatives to promote the ecosystem, but none of the distributions really care and ultimately the foundation moved on to other places driven by 'sponsor' funds telling them what to do, more for the sake of the vendor than for any community benefit.
Re: (Score:2)
Exactly, similar deal: leveraging a hype word to advance the agenda of proprietary vendors under the guise of a customer-friendly buzzword to hijack.
I might have been a bit harsh as I'm sure some initiatives are still solid, but as a brand I am more skeptical of a 'Linux Foundation' association despite being enthusiastic about all manner of open source projects.