containerjournal.com
2606:4700:10::6816:48a1
Public Scan
Submitted URL: http://go.mattermost.com/MTYxLUZCRS03MzMAAAGDYQDANTqqPYn8FxEGdgqxPh4Ey2TIt5p_ZKd1nsHJkpg3HhDTnEi4rMBMIMjAh4HUFqJyci8=
Effective URL: https://containerjournal.com/features/why-cloud-native-companies-should-support-open-source/?mkt_tok=MTYxLUZCRS03MzMAAAGDYQDA...
Submission: On March 25 via api from US — Scanned from DE
Form analysis
2 forms found in the DOM
https://containerjournal.com/
<form class="mega-search expand-to-right mega-search-closed" role="search" action="https://containerjournal.com/">
<span class="dashicons dashicons-search search-icon"></span>
<input type="submit" value="Search">
<input type="text" aria-label="Search..." data-placeholder="Search..." name="s" placeholder="">
</form>
POST /features/why-cloud-native-companies-should-support-open-source/?mkt_tok=MTYxLUZCRS03MzMAAAGDYQDANZlaaqBaCPtWff2vL1O1PWRXhZ54WHzCIl167N678Jjj4f2PashEpZ96S2R_zUkCnId0cOM70rV7Y2kVnghdx4yBqGL77U8-34WN
<form method="post" enctype="multipart/form-data" id="gform_1"
action="/features/why-cloud-native-companies-should-support-open-source/?mkt_tok=MTYxLUZCRS03MzMAAAGDYQDANZlaaqBaCPtWff2vL1O1PWRXhZ54WHzCIl167N678Jjj4f2PashEpZ96S2R_zUkCnId0cOM70rV7Y2kVnghdx4yBqGL77U8-34WN">
<div class="gform_body gform-body">
<ul id="gform_fields_1" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_1_1" class="gfield gfield_contains_required field_sublabel_below field_description_below hidden_label gfield_visibility_visible"><label class="gfield_label" for="input_1_1">Email<span class="gfield_required"><span
class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_1_1" type="text" value="" class="large" tabindex="49" placeholder="Your Email" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_1_2" class="gfield gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below field_description_below gfield_visibility_visible">
<div class="gsection_description"><a href="https://containerjournal.com/privacy-policy/">View Container Journal <u>Privacy Policy</u></a></div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_1" class="gform_button button" value="Subscribe Now" tabindex="50"
onclick='if(window["gf_submitting_1"]){return false;} window["gf_submitting_1"]=true; '
onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_1"]){return false;} window["gf_submitting_1"]=true; jQuery("#gform_1").trigger("submit",[true]); }'>
<input type="hidden" class="gform_hidden" name="is_submit_1" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="1">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_1" value="WyJbXSIsIjg3ZjNmN2Y5M2EzMTBkMDJjN2RjZGRmN2U2MzRmYjU4Il0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_1" id="gform_target_page_number_1" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_1" id="gform_source_page_number_1" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1648228285084">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>
Text Content
WHY CLOUD-NATIVE COMPANIES SHOULD SUPPORT OPEN SOURCE
March 16, 2022 / March 15, 2022
by Bill Doerrfeld
Tags: bug bounty, cloud, cloud-native architecture, open source, open source contributor

Open source software (OSS) makes up the bedrock of our digital lives. And naturally, OSS is the foundation for most modern cloud-native infrastructure. In fact, a recent report from CNCF found a rise in open source projects to support the cloud-native movement.

The CNCF study found that 96% of organizations now use Kubernetes. And in the past year, other cloud-native open source projects have grown exponentially too. For example, containerd adoption grew 500% year-over-year and Prometheus monitoring software grew 53%.

Think an app is not using open source software? Think again—the majority of the time, you’d be wrong. In fact, 90% of enterprises now use open source.

But in the wake of incidents like Log4j, all this reliance on open source for cloud-native architecture has sparked concern about whether or not we can trust the security and reliability of these projects. National Security Advisor Jake Sullivan recently stated that “open source software is a key national security concern.” Granted, it can be tricky to validate the provenance of each project and fully comprehend its low-level functionalities. Due to their sheer complexity, becoming an expert in every open source tool a company embeds would take several lifetimes.

Still, the benefits of open source greatly outweigh the potential concerns—in addition to being freely available, open source increases portability and interoperability within the tech market. Plus, with so many developers contributing to a project, weaknesses and vulnerabilities can be discovered and addressed more quickly.

Still, according to James Arlen, CISO, Aiven, companies should consider taking a more active role in nurturing these core projects. He recently shared with me some specific actions companies can take to nurture the OSS they rely so heavily upon.

PROMOTING THE COMMON GOOD

Open source software can help organizations avoid being held hostage by a single cloud, allowing for multi-cloud environments. But reaping the benefits of open source indeed requires communal input. According to Arlen, the onus is on companies to incentivize the improvement of OSS as part of the common good.

So, what are some ways to support and improve open source? One method is direct monetary contribution. Arlen describes how at Aiven, the company pays salaries for security team members who spend half their time explicitly working on open source projects. Also, the company has contributed financial incentives for open source bug discoveries, even when the official open source project maintainers themselves had no bug bounty program.

“A commitment to open source helps balance capitalist motives with the public-good nature of open source,” he said.

Aside from direct monetary contributions, Arlen encourages more developers to take an active role in contributing to core packages that affect the broader ecosystem, as vulnerabilities in an underlying package, like Fedora, could impact many upstream services. Often, exposures are unintentional and only arise when two strains of code are combined, as was the case with a bug found in an implementation of Apache Flink-as-a-service, says Arlen.

ONE FOR ALL AND ALL FOR ALL

Open source projects have flourished due to significant communal effort. Arlen compares it to how Wikipedia usurped Encyclopaedia Britannica as the means to organize society’s collective understanding.

Supporting open source does require effort, but there’s a sweet spot when all parties feel like they gave a bit too much, says Arlen. “Open source is really an implementation of Nash’s Theorem. If everybody doesn’t quite win, we all win.”

It sounds like an idealistic trope, but it’s true that we tend to get farther when we help each other. Therefore, companies have an ethical reason to contribute directly to the projects they consume. While that might sound like an enormous burden, the effort doesn’t have to be that substantial. “If everyone submits one article, in the blink of an eye we have Wikipedia,” says Arlen. “The same thing happens in open source.”

And contributions don’t have to be purely technical, either. For example, there is certainly space for technical writers to build out better documentation for open source projects. “Contributions should be of material outcome, but they don’t need to be significant,” Arlen explains. If everyone volunteers, say, four hours a month toward fixing a bug in open source projects, the software world would be inherently safer.

On that note, no test suite catches everything. Another helpful way to contribute is to submit bug reports to project maintainers.

GIVE BACK TO CLOUD-NATIVE OPEN SOURCE

“Any sufficiently advanced technology is indistinguishable from magic,” in the words of Arthur C. Clarke. And many open source packages work like magic to the beholder. “There is no human that understands all of Linux or all of macOS,” says Arlen. As such, it’s impossible to avoid vulnerabilities altogether, and complexity won’t cease to exist whether the software is open or closed. But open source’s transparency is another of its great strengths, as it affords greater visibility into bugs and vulnerabilities.

We can’t get rid of open source. Top open source packages from the CNCF, for example, have been maturing for years and are relied on by thousands of software teams. And though directly using open source packages requires overcoming some maintenance hurdles, many abstractions exist to streamline their use. For example, most companies adopt Kubernetes via managed services such as EKS or GKE. Still, open source is at the root of these platforms and must be nurtured.

Instead of punishing open source for its shortcomings, we need to build societal patterns that support this idea of the common good, says Arlen. Perhaps one day, this could materialize as a government-endorsed digital ‘park ranger’ corps, whose responsibilities include upkeep of the digital infrastructure the globe relies on, he speculates.

In the meantime, open source users have some actionable items: Give back to the community, introduce bug bounty programs and contribute however you can, even if it’s immaterial, Arlen advises.

BILL DOERRFELD

Bill Doerrfeld is a tech journalist and analyst. His beat is cloud technologies, specifically the web API economy. He began researching APIs as an Associate Editor at ProgrammableWeb, and since 2015 has been the Editor at Nordic APIs, a high-impact blog on API strategy for providers. He loves discovering new trends, interviewing key contributors, and researching new technology. He also gets out into the world to speak occasionally.

Copyright © 2022 Techstrong Group, Inc. All rights reserved.