Industries cannot advance without standards. Trains could not operate across a continent. I could not connect to the world from my computer through WiFi to an Internet. Standards may be recognized by governments or they may be de facto industry standards. The key benefit from standards is interoperability. At some level, competing proprietary products can interoperate. I can send a text from my iPhone to your Android phone. I support standards in the name of interoperability. I say this as preamble to three pieces of news coming from the Linux Foundation.
EdgeX Foundry Announces Jakarta, the Project’s First Long Term Support Release
EdgeX Foundry, a Linux Foundation project under the LF Edge project umbrella, announced the release of version 2.1 of EdgeX, codenamed ‘Jakarta.’ The project’s ninth release, it follows the recent Ireland release, which was the project’s second major release (version 2.0). Jakarta is significant in that it is EdgeX’s first release to offer long term support (LTS).
“Our Jakarta release is a stabilization release,” said Jim White, the EdgeX Foundry Technical Steering Committee (TSC) Chairman and co-founder of the project. “As such, it is our project community’s pledge to adopters that EdgeX offers you a stable version of the platform that you can expect the community to stand behind and support for a period of two years. We stand with you in support of EdgeX in real world, commercial deployments of the platform.”
“Only a few open-source projects offer long term support; the rapid change of open source projects and the effort needed to LTS is significant,” said Arpit Joshipura, general manager, Networking, Edge and IoT, at the Linux Foundation. “By including LTS, EdgeX demonstrates it understands the needs of the operational technology (OT) user base, and how products in this space must work and operate over longer periods of time than traditional IT solutions,” said Arpit Joshipura. “This is a big milestone for any open source community, and we are incredibly proud of EdgeX Foundry for this achievement.”
The EdgeX long term support policy states that the community will work as quickly as possible and give “best effort and development priority to fix major flaws as soon as possible.” Major flaws by the project are defined as
• bugs causing the system or service to crash and where there is no work around for the function
• bugs for a feature/function that does not work and there is no work around for the function
• a security issue deemed a critical or high-level CVE (per CVSS)
The project has further stipulated in its LTS policy that “no new major functionality (at the discretion of the TSC) will be added” to the LTS version after the release happens.
The next EdgeX release, codenamed “Kamakura,” is set for Spring 2022. The community has held its semi-annual planning session to lay out the goals and objectives of this release. Kamakura is likely to be another dot-release that will again be backward compatible with all EdgeX 2.x releases (Ireland and Jakarta). Major additions currently under consideration and being developed by the community include:
• Initial north to south message bus. Improved security secrets seeding and allowing for delayed service starts.
• Metrics collection
• Dynamic device profiles. Better (native) Windows support
• Improve testing – including real hardware testing
• A second version release of the EdgeX Command Line Interface (CLI) which, compatible with EdgeX v2.x.
The Cyber-Investigation Analysis Standard Expression Transitions to Linux Foundation
The Linux Foundation announced the Cyber-investigation Analysis Standard Expression (CASE) is becoming a community project as part of the Cyber Domain Ontology (CDO) project under the Linux Foundation. CASE is an ontology-based specification that supports automated combination and intelligent analysis of cyber-investigation information. CASE concentrates on advancing interoperability and analytics across a broad range of cyber-investigation domains, including digital forensics and incident response (DFIR).
“Becoming part of the Linux Foundation is a major milestone for CASE that will significantly benefit the broader open source and cyber-investigation communities,” said Eoghan Casey, Presiding Director of CASE. “As an evolving standard supporting structured expression and exchange of cyber-investigation information, CASE will substantially enhance efforts to address growing challenges in the modern world, including cyberattacks, ransomware, online fraud, sexual exploitation, and terrorism. Our objective is to create a culture of common comprehension and collaborative problem solving across cyber-investigation domains.”
Organizations involved in joint operations or intrusion investigations can efficiently and consistently exchange information in standard format with CASE, breaking down data silos and increasing visibility across all information sources. Tools that support CASE facilitate correlation of differing data sources and exploration of investigative questions, giving analysts a more comprehensive and cohesive view of available information, opening new opportunities for searching, pivoting, contextual analysis, pattern recognition, machine learning and visualization.
Development of CASE began in 2014 as a collaboration between the DoD Cyber Crime Center (DC3) and MITRE, led by Dr. Eoghan Casey and Sean Barnum, involving the National Institute of Standards and Technology (NIST). In response to international interest, this initiative became an open source evolving standard, with hundreds of participants in industry, government and academia around the globe. Early contributors include the Netherlands Forensic Institute (NFI), the Italian Institute of Legal Informatics and Judicial Systems (IGSG-CNR), FireEye, and University of Lausanne. CASE governance and community coordination were formalized with support of Harm van Beek, Rich Brown, Ryan Griffith, Cory Hall, Christopher Hargreaves, Jessica Hyde, Deborah Nichols, and Martin Westman. Growing international involvement is tracked on the CASE website.
CASE, built on the Hansken trace model developed and implemented by the NFI, aligns with and extends the Unified Cyber Ontology (UCO). This year has seen the release of UCO 0.7.0, and most recently CASE 0.5.0. CASE and UCO now both are built on SHACL constraints, providing an instance data validation capability. Currently, CASE is developing a representation for Inferences, both human formulated and computer generated, to bind investigative conclusions to supporting evidence and associated chain of custody.
Linux Foundation to Host the Cloud Hypervisor Project
The Linux Foundation announced it will host the Cloud Hypervisor project, which delivers a Virtual Machine Monitor for modern Cloud workloads. Written in Rust with a strong focus on security, features include CPU, memory and device hot plug; support for running Windows and Linux guests; device offload with vhost-user; and a minimal and compact footprint.
The project is supported by Alibaba, ARM, ByteDance, Intel and Microsoft and represented by founding member constituents that include Arjan van de Ven, Fellow at Intel; K. Y Srinivasan, Distinguished Engineer and VP at Microsoft; Michael Zhao, Staff Engineer at ARM, Gerry Liu, Senior Staff Engineer at Alibaba, and Felix Zhang, Senior Software Engineer at ByteDance. Initial focus for the Cloud Hypervisor project will be security and modern operation for Cloud.
K.Y Srinivasan, Advisory Board member from Microsoft adds: “Cloud Hypervisor has matured to the point that moving it to the Linux Foundation is the right move at the right time. As LF continues to standardize key components of the software stack for managing/orchestrating modern workloads, we feel that the Cloud Hypervisor will be an important part of the overall stack. Being part of LF will help us accelerate development and adoption of this key technology.”
