When this year ends 2021, the Linux Foundation there will be spent about 180 million of dollars, 20% more than in 2020, when according to The Register it spent 148 million dollars. This is reflected in its annual report, which also highlights the role of its new LFX platform. Of what was invested in 2021, only 3.4% has been spent on support for the Linux kernel. 56.3% goes to support other projects.
According to forecasts, the foundation’s income will be 177 million dollars, so expenses will exceed income. In terms of number of members, their number has increased 280 percent in the last five years. Of the total, 48% come from the American continent, 31% from the EMEA area and Russia, and another 21% from the Asia-Pacific region.
The focus on security and the software supply chain that the Linux Foundation has had in 2021 stands out. In this year, the Open Source Security Foundation has become a project with 10 million dollars of funding. It also highlights the ISO / IEZ standardization of the Data Exchange Software Package (SPDX), designed to facilitate the specification of a Software Material Declaration (SBOM).
The aforementioned LFX platform has also been developed. The Director of the Linux Foundation, Jim Zemlin, highlighted in the meeting of members of the entity, held last November, the complexity of the Linux and open source ecosystem as seen by the foundation. He also underscored that gaps in the software supply chain had increased dramatically in recent years.
On the other hand, in 2021, the number of virtual meetings held by the foundation has reached 29,000. In addition, 24.4 million lines of code have been added each week to the project and there are already 13,000 code repositories, while the foundation continues «processing contributor license agreements from tens of thousands to tens of thousands«.
These are the reasons that have led the Linux Foundation to create a toolkit that deals with the management of these complexities: LFX platform. It includes a panel that gives access to analytics on the status and security of the project. Obtaining these metrics without choosing specific tools or platforms for projects is complicated, and it is done through connectors to hundreds of sources. LFX is not yet complete, and some of its components are in the testing phase, but it is already available, and it is designed to be extensible. Its full launch is scheduled for the first quarter of 2022.
LFX security tools include statistical analysis based on various tools. In November, the scanning of secrets included in error in the code was presented, and a search for offensive language, as well as insensitive language, to be able to block it at will. In both cases, the tools are BluBracket. Among the secrets the tool scans are not only login credentials, but also personally identifiable information. Additionally, the tool also checks Git configurations for bugs.
The platform, which can be accessed from this website, also has a Project Control Center that automates project management. It does this with the provision of cloud infrastructure, member management, legal structure, partner license agreements, mailing lists or members committee.
In addition, it has a tool with which organizations can control the activity and status of the projects they are working on, as well as an individual control panel for collaborators. This includes not only code contributions, but also interaction with the community or events where people are involved. The individual dashboard can be connected to LinkedIn to show collaborations to contacts.
By 2022, the Linus Foundation promises «follow the events around in person«As he believes that they are critical to drive collaboration, more than virtual events. That does not mean that the foundation also hopes to improve its virtual events in 2022. Not only because of the pandemic, but also to reach regions where it does not have in-person events.