
Perforce Launches New State of Open Source Survey in Collaboration With the Eclipse Foundation and Open Source Initiative

MINNEAPOLIS, SEPTEMBER 17, 2024 – Perforce Software, the DevOps company for global teams requiring speed, quality, security and compliance at scale along the development lifecycle, today launched its annual survey exploring open source software (OSS) usage in organizations worldwide. The survey’s findings will be the foundation for the 2025 State of Open Source Report, which offers a comprehensive assessment of the current landscape of OSS technologies and trends. This year’s survey was developed through a joint effort led by OpenLogic by Perforce in collaboration with the Eclipse Foundation and the Open Source Initiative (OSI). 

“We are delighted to partner once again with both the Eclipse Foundation and Open Source Initiative,” said Tzvika Shahaf, VP of Product Management at Perforce. “This year, we have added a new section on Big Data infrastructure, since data technologies was identified as one of the biggest areas of investment in the 2024 report. We hope to gain a better understanding of how enterprises are managing their Big Data stacks and the challenges they face.”

The survey, which will close on November 1, asks questions related to the day-to-day use and management of OSS, as well as governance and maturity. Response data will be compiled into a detailed report, with sections focused on different technology categories (i.e. operating systems, databases, programming languages) and topics such as security and compliance. 

“The Eclipse Foundation is proud to participate in the 2025 State of Open Source survey and report. We view it as essential to our work of championing open source development and innovation,” said Thabang Mashologu, VP of Community and Outreach at the Eclipse Foundation. “The State of Open Source Report always provides invaluable insights that enable us to better support our community of open source contributors and organizations that rely on OSS for their business-critical applications.”

Since it was first published in 2019, the State of Open Source Report has been cited in numerous industry reports, as well as shared at top open source conferences around the world.

“This is our fourth year being involved in the State of Open Source Report, and there is never any shortage of surprises in the data,” said Stefano Maffulli, Executive Director, Open Source Initiative. “Now, however, the aim of the survey is not to determine whether or not organizations are using open source — we know they are — but to find out how they are handling complexities related to AI, licensing, and of course, security.”

Anyone using open source in their organization is invited to complete the 2025 State of Open Source Survey.

About the Eclipse Foundation
The Eclipse Foundation provides our global community of individuals and organizations with a business-friendly environment for open source software collaboration and innovation. We host the Eclipse IDE, Adoptium, Software Defined Vehicle, Jakarta EE, and over 425 open source projects, including runtimes, tools, specifications, and frameworks for cloud and edge applications, IoT, AI, automotive, systems engineering, open processor designs, and many others. Headquartered in Brussels, Belgium, the Eclipse Foundation is an international non-profit association supported by over 350 members. To learn more, follow us on social media @EclipseFdn, LinkedIn or visit eclipse.org.

 

About the Open Source Initiative
The Open Source Initiative (OSI) is the steward of the Open Source Definition, setting the foundation for the global open source ecosystem. Founded in 1998, OSI protects and promotes open source software, development and communities, championing software freedom in society through education, collaboration and infrastructure. The OSI is a 501(c)3 non-profit, and anyone interested in supporting the defense of Open Source Definitions can join today at https://join.opensource.org.

About Perforce
The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

UEM’s Role in Ensuring Security and Compliance in the Aviation Industry

Ensuring compliance with regulations and maintaining high-security standards has become crucial in the aviation industry. According to a report, the aviation industry scores a “B” on average. While this isn’t a failing grade, organizations with a B rating are 2.9x more likely to be victims of data breaches than those with an A rating[1]. Further, with the increasing integration of digital technologies in airports and airlines, managing the vast array of devices and protecting sensitive data has become more complex. 

Ensuring Aviation Compliance and Security with UEM

Unified endpoint management (UEM) solutions are designed to address such compliance and security-related challenges by providing a centralized approach to managing and securing a wide range of devices and data.  

This blog highlights the compliance and security challenges in the aviation industry and the key features offered by Scalefusion to help airlines maintain security and compliance.

Compliance and Security Challenges in Aviation

1. Regulatory Compliance 

The aviation industry operates under a stringent regulatory framework to ensure safety, security, and efficiency. For instance, the International Civil Aviation Organization (ICAO) has set various international standards and regulations for security compliance in the aviation industry. 

For aviation data security, it mandates periodic offline secure backup and encryption of sensitive data to maintain information availability and integrity. Similarly, the physical security controls include defining access management and control policies and conducting background checks of personnel with administrative rights on databases or with access to sensitive data.

Similarly, for information, communication, and technology ICAO mandates access control policies and application of least privilege principles, software/hardware firewalls and network security, cryptography, organizational password policies, end-point protection, network monitoring and detection of anomalies, network separation, and device management. 

Moreover, due to the global nature of the aviation industry, compliance with GDPR is essential for airlines operating within or serving the European Union. GDPR imposes strict data privacy and protection rules, requiring airlines to implement robust data security practices. The challenge here is ensuring passenger data is collected, securely stored, and shared within a controlled environment and only with authorized airline personnel. Non-compliance can result in significant fines, up to 4% of the airline’s annual global turnover or €20 million, whichever is higher.[2]

2. Monitoring Airport Physical Infrastructure

Airports rely on a complex network of sensors and servers to ensure the smooth operation of various systems, from baggage handling and advertisement screens at airports to inflight cockpit devices and seatback entertainment screens. The challenge lies in continuously monitoring and maintaining this infrastructure to prevent disruptions and malicious attacks. Aviation organizations can leverage a robust endpoint management solution to manage and protect all endpoints from vulnerability threats. 

3. Authorized Access 

Ensuring that only authorized personnel access sensitive data is critical for maintaining data security and integrity. This involves implementing robust identity and access management (IAM) solutions to control who can access what information and when. The aviation industry has a diverse workforce, which includes pilots, ground staff, maintenance crews, and administrative personnel, and managing each of their access rights is a tedious task for IT admins. A data breach in an airline company or an airport can have catastrophic consequences, leading to unauthorized access to flight control systems or passenger data.

4. Securing Large Volumes of Customer-sensitive Data

The aviation industry manages vast amounts of sensitive customer data, including personal identification details, travel itineraries, and payment information. Protecting this data from breaches is crucial. Recent incidents highlight the urgency: a Hong Kong-based airline experienced a breach affecting 9.4 million passenger records, while a UK-based airline lost 9 million customer records to hackers[3].

Similarly, an Indian airline suffered a breach that exposed sensitive data, including credit card information and frequent flyer details, of approximately 4.5 million customers[4]. It is a crucial challenge to safeguard data during transmission and storage and ensure compliance with various data protection laws. 

Key Features of UEM for Adhering to Compliance and Upkeeping Security in the Aviation Industry

A unified endpoint management (UEM) solution transforms the above complexities into streamlined and secure operations. It serves as a centralized and intuitive solution to address the compliance and security challenges faced by airports.

1. Centralized Management 

A UEM solution extends centralized control through a unified dashboard or console. Devices in an airport environment operate 24/7, requiring constant monitoring from IT. A unified management console provides this visibility, helping minimize any oversight. UEM offers real-time visibility into the entire device ecosystem, providing instant insights into each device’s status, health, and performance, and enables IT admins to respond promptly to routine operations and any issues that arise.

2. Data Encryption

Robust data encryption is essential for protecting the confidentiality and integrity of passenger data, a critical requirement under GDPR. UEM solutions enforce strong passcode policies and ensure sensitive data stored on devices is encrypted, safeguarding it from unauthorized access. This feature addresses security concerns by preventing data breaches and ensuring compliance with ICAO data protection regulations.

3. Geofencing & Location Tracking

Geofencing and location tracking capabilities enhance the management and control of device whereabouts, ensuring streamlined operations and staff safety. For example, geofencing can restrict the ground staff’s access to no-entry areas such as runways. 

IT admins can monitor whether airport personnel are away from their designated place and can quickly locate them with location tracking. These features are important for streamlined operations and aviation staff safety.

4. OS Updates and Software Deployments

UEM allows admins to execute updates, patches, and software deployments seamlessly across all devices from a centralized dashboard. Regular updates ensure that devices are equipped with the latest features and security protocols, reducing the risk of vulnerabilities that could lead to non-compliance. This feature helps maintain the integrity and security of the device ecosystem, ensuring continuous compliance with regulatory standards.

5. Access Controls

Setting and managing access controls ensures that only authorized personnel can access specific device features or functionalities. UEM solutions for aviation offer a range of access control features, such as role-based access control, which provides user access based on their role in the organization. For instance, enforcing access controls will restrict the access of ground staff to sensitive files with customer information. These controls are essential for maintaining compliance with regulatory requirements and protecting sensitive data from unauthorized access.

6. Policy Enforcement

Consistent policy enforcement across all devices is critical for airport device management. A UEM solution allows administrators to set and enforce policies related to security, usage, and configurations, fostering a standardized and secure operational environment. 

Policies can vary based on staff roles, and UEM enables admins to create device and user groups to apply these policies seamlessly. Each airport is unique, and UEM offers customizable policies that administrators can tailor to the specific needs and nuances of their operational environment, ensuring UEM aligns seamlessly with the airport’s workflow.

7. Remote Lock and Wipe 

If a device is lost or stolen, IT admins can use the remote lock and wipe feature to erase all the sensitive data from the device. This feature prevents unauthorized access to confidential information, mitigating the risk of data breaches. UEM solutions help airports comply with data protection regulations and maintain a strong security posture by ensuring consistent data security.

8. Kiosk Mode

Kiosk mode restricts devices to specific applications and functionalities, ensuring that they are used only for their intended purposes. This feature is particularly useful in securing devices used by passengers, such as self-service kiosks and seatback entertainment systems. It helps prevent unauthorized access and usage, thereby maintaining a secure and controlled environment. 

9. Broadcast Messages

Broadcast messages enable instant communication with all devices, which is essential during emergencies or critical updates. For instance, in the event of a security threat, IT teams at airports can quickly send out alerts and instructions to all managed devices, ensuring a coordinated and swift response. 

Ensure Compliance and Security in Aviation with UEM 

Aviation is a rapidly evolving and highly competitive industry, where operational excellence is necessary for maintaining compliance and security. Unified endpoint management (UEM) solutions like Scalefusion UEM offer various data and device security features, enabling airline IT professionals to manage diverse device ecosystems and safeguard sensitive information. 

As airports and airlines adopt digital transformation initiatives, the role of UEM becomes critical. Moreover, Scalefusion offers comprehensive capabilities that address aviation challenges – on the ground and in flight. Scalefusion enhances operational efficiency among the airline staff and delivers a safer, more connected travel experience for passengers while ensuring aviation safety and compliance and maintaining security. 

Contact our experts to schedule a demo and experience how Scalefusion UEM maintains compliance and security. Get started by signing up for a 14-day free trial today!

References 

1. Air Traffic Management

2. Iubenda

3. & 4.  SISA

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.


Linux Security Best Practices

Linux security is top of mind these days as CentOS Linux, one of the most popular open source Enterprise Linux distributions, just sunsetted its final version. No more updates or patches will be released from the community, and it is estimated that there are still tens of thousands of servers running end-of-life CentOS.

Whether you are still on CentOS or on another Linux distro, knowing how to secure your Linux server is essential to protecting your systems and keeping unauthorized people and malicious code/malware out.

In this blog, read about Linux security best practices, including some setup/configuration “shortcuts” that can actually weaken your security and increase your risk.

Linux Security: Overview

There are many reasons why you should (or must) secure your Linux servers, but the top two that immediately come to mind are compliance and accountability. 

Compliance Requirements

There are a number of scenarios where securing your Linux server is mandatory. For example:

  • If you process or store any credit card information, there are requirements to secure your server.
  • If you handle medical data, there are HIPAA security requirements.
  • You may have security policies within your company that you need to adhere to.
  • If you interface with 3rd parties, there may be security agreements that all parties need to comply with.

If any of the above apply to your organization, securing your Linux server is not optional. 


Accountability

  • Having tight security can furnish you with favorable answers when prospects or customers ask about your company’s security history, which is far better than the alternative (aka having a bad reputation due to lax security).  
  • If a security issue does occur, your company could be held legally liable if it had not implemented certain security measures.

Regardless of why you feel it is necessary to keep your Linux server secure (or how you justify it to others in your company), properly implemented Linux security measures will undoubtedly benefit your business beyond any potential inconveniences that may come to mind when security is mentioned.


Common Linux Security Vulnerabilities 

When most people think about Linux vulnerabilities, they think of bugs in software which can result in potential security risks. Recently, CVE-2024-6387 and CVE-2024-6409 were disclosed, and both are vulnerabilities within the OpenSSH package on EL9 (and EL9-based distributions). Very few systems use insecure remote access methods like Telnet these days, but it used to be that you had a choice of having the default Telnet access and/or installing SSH. Luckily, SSH became the default for remote access, but it is still necessary to keep it up-to-date in order to continue enjoying the security that using it provides.

Security vulnerabilities can show up in almost any package. For instance, CVE-2021-43527 is a CVSS score 9.8 remote code execution vulnerability in nss, CVE-2022-25315 is a CVSS score 9.8 overflow/DoS/arbitrary code execution vulnerability in expat, and CVE-2021-35942 is a CVSS score 9.1 overflow/arbitrary memory read vulnerability in glibc. Last year, the high severity Looney Tunables vulnerability (CVE-2023-4911) impacted numerous Linux distributions including CentOS 8, and a critical libwebp vulnerability (CVE-2023-4863) allowed essential heap data structures to be overwritten in CentOS 7 and 8, as well as other open source software that uses the popular code library (NGINX, WordPress, Node.js, and others). 

Note: OpenLogic provides CentOS patches for CVEs with CVSS score of 7 or higher for our CentOS LTS customers.

Vulnerabilities (and the bad actors that exploit them) are somewhat beyond our control — but there are other things that can weaken Linux security we can address. I’m talking about choices that get made to save time/effort and make implementation easy, or issues that do not seem high priority enough to get taken care of in a timely manner.

Here are a few examples:

  • Using passwordless ssh keys so you don’t have to type your password over and over each day or having the system auto-login when it boots (“Nobody is allowed to touch my workstation.”)
  • Leaving root logged in at the console (“I’m the only one who comes into the data center.”)
  • Turning off SELinux (“It’s too difficult to get it working properly.”)
  • Not updating some or all of the packages on a system (“It’s working right now and I don’t want to risk breaking anything.”)
  • Leaving accounts on a system after an employee has left the company (“They can’t get into our network anymore so there’s no rush to remove their accounts.”)
  • Keeping mission-critical systems running on End-of-Life distributions (“I have too many other things on my to-do list and these have been working just fine for years!”)

Main point: cutting corners when it comes to Linux security is never a good idea and can come back to haunt you.


8 Steps to Secure Your Linux Server

In addition to not doing any of the shortcuts above, here are 8 best practices that you should consider:

  1. Harden systems to specific security standards (CIS Benchmarks, PCI-DSS, STIG, etc.) 

Even if there aren’t any explicit requirements to do this, it’s a good idea. This can be made easier by using pre-hardened images. These images can either be created in-house or obtained from a trusted 3rd party like OpenLogic.

Most benchmarks will test and configure the system through hundreds of checks, such as automatically disconnecting idle sessions, and raise flags if auto-login is enabled, or accounts without passwords are detected, and so on. 

  2. Use (and require) strong passwords

Social media is filled with fun little quizzes about your pet’s name, your childhood address, what year you were married, and so forth. First of all, don’t fall for these social engineering tricks that try to get you to share information commonly used in passwords or security questions. If you do accidentally share info like this, a strong password means hackers won’t have enough information to easily figure out how to access your accounts.

Security benchmarks typically configure the system to enforce this, too.

  3. Keep systems updated

You not only need to keep the OS updated but also all of the apps (and any dependencies) on the system.

The fear of breaking something due to an update can be alleviated by having a lab/staging environment where you can test updates (and other changes) in isolation before deploying to production.

If a lab/staging environment is not available, consider a phased deployment to a few systems that, if problems occur, can be taken offline, repaired, and then brought back online.

  4. Plan to migrate systems before they reach end of life (EOL)

True Enterprise Linux distributions have known lifecycles from release through end of life. This information can be used to plan when to upgrade from one OS to another from the start instead of near (or after) the published EOL date.

If they do reach EOL, procure long-term support for the OS and packages/services (such as the CentOS support available from OpenLogic for 5 years after the EOL date).

  5. Implement MFA (Multi-Factor Authentication)

MFA adds another layer of access security for each account so a misplaced Post-It note with your new password on it or a lost thumb drive that contains an SSH key doesn’t automatically allow access to whoever sees/finds it.

  6. Use system configuration to deploy and validate configuration and security consistently

Not only can tools like Ansible or Puppet help with the initial launch of your systems, they can also be used to maintain ongoing compliance and updates of those systems, and reduce MTTR in Disaster Recovery (DR) situations in the event that systems need to be rebuilt from scratch.


  7. Incorporate SELinux from the start (and don’t disable it or leave it in permissive mode)

The most common SELinux-related problems that are difficult to resolve are due to development and testing (and sometimes, staging) being done with SELinux disabled and the placement of files and directories being where SELinux doesn’t know how to handle them. Then, when SELinux is finally enabled (typically in staging but sometimes in production), everything breaks and SELinux is disabled again and left that way. By placing your files in locations that adhere to SELinux’s expectations, local SELinux policies can be minimized or eliminated.

  8. Stay on top of account maintenance

By incorporating centralized authentication such as some combination of FreeIPA, Directory Services, SSO, Kerberos, and RADIUS, it becomes very easy to activate, deactivate, or update accounts and their permissions. Most high-end network gear also supports centralized authentication so your entire infrastructure can be secured the same way.

If you don’t have centralized authentication, use tools (like the aforementioned Ansible or Puppet) to keep accounts stored locally on each system in-sync.
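As an added example (not part of the original article or any OpenLogic tooling), the shell functions below check a few of the shortcuts and benchmark items described above: accounts without passwords, auto-login, SELinux not enforcing, and accounts left behind after someone leaves. The GDM config path, the UID >= 1000 threshold, the roster file and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Each check reads the file it is given,
# so it can run on the live files (as root) or on copies pulled from a server.

# Accounts with an empty password field in a shadow-format file need no password.
empty_password_accounts() {    # $1: shadow-format file
    awk -F: '$2 == "" { print $1 }' "$1"
}

# SELinux mode set in an /etc/selinux/config-format file (last assignment seen).
selinux_config_mode() {        # $1: config file
    awk -F= '/^[ \t]*SELINUX=/ { m = tolower($2); gsub(/[ \t]/, "", m) }
             END { print (m == "" ? "unset" : m) }' "$1"
}

# Succeeds when a GDM custom.conf-format file turns on automatic login.
gdm_autologin_enabled() {      # $1: GDM config file
    awk -F= '{ k = tolower($1); gsub(/[ \t]/, "", k) }
             k == "automaticloginenable" {
                 v = tolower($2); gsub(/[ \t]/, "", v); if (v == "true") on = 1 }
             END { exit !on }' "$1"
}

# Interactive local accounts that are missing from a roster of current staff.
# Assumptions: human accounts have UID >= 1000 and a real login shell.
stale_accounts() {             # $1: passwd-format file, $2: roster, one login per line
    awk -F: -v roster="$2" '
        FILENAME == roster { current[$1] = 1; next }
        $3 >= 1000 && $7 !~ /(nologin|false)$/ && !($1 in current) { print $1 }
    ' "$2" "$1"
}

# Run every check against a directory laid out like / and print one line per finding.
audit_tree() {                 # $1: root directory to inspect
    for user in $(empty_password_accounts "$1/etc/shadow"); do
        echo "FINDING empty-password account: $user"
    done
    mode=$(selinux_config_mode "$1/etc/selinux/config")
    [ "$mode" = enforcing ] || echo "FINDING SELinux mode is $mode, not enforcing"
    if gdm_autologin_enabled "$1/etc/gdm/custom.conf"; then
        echo "FINDING GDM automatic login is enabled"
    fi
    for user in $(stale_accounts "$1/etc/passwd" "$1/roster.txt"); do
        echo "FINDING account not on the staff roster: $user"
    done
}

# Constructed sample files (not taken from any real system).
make_sample() {                # $1: directory to populate
    mkdir -p "$1/etc/selinux" "$1/etc/gdm"
    cat > "$1/etc/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:19900:0:99999:7:::
kiosk::19900:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19900:0:99999:7:::
bob:!:19900:0:99999:7:::
EOF
    cat > "$1/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
kiosk:x:1000:1000::/home/kiosk:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
EOF
    printf 'alice\nkiosk\n' > "$1/roster.txt"
    printf '# constructed\nSELINUX=permissive\nSELINUXTYPE=targeted\n' > "$1/etc/selinux/config"
    printf '[daemon]\nAutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' > "$1/etc/gdm/custom.conf"
}

sample=$(mktemp -d)
make_sample "$sample"
audit_tree "$sample"
rm -rf "$sample"
```

In the sample, bob's password is locked (`!`) but the account still has a login shell and is not on the roster, so it is reported as leftover even though password login is blocked.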


Final Thoughts 

Unfortunately, there is no shortage of bad actors looking to compromise your system to steal data or otherwise cause harm to your business. Having a secure Linux server and strong Linux security measures means you can sleep well at night because you’re not worried about potential attacks that you have no defenses against and aren’t prepared for.
