How Intel is making open source accessible to all developers
In this Help Net Security interview, Arun Gupta, Vice President and General Manager for Open Ecosystem, Intel, discusses the company’s commitment to fostering an open ecosystem as a cornerstone of its software strategy. He explains how this approach empowers developers and shapes Intel’s broader technology and business objectives, enhancing platform innovation.
Gupta emphasizes that by actively participating in open-source initiatives, Intel aims to lower complexity and improve security, ultimately enabling developers to create impactful solutions in the evolving landscape of artificial intelligence and beyond.
Intel has committed to fostering an open ecosystem as part of its overall software strategy. Can you elaborate on what “open ecosystem” means in this context and how it’s shaping the company’s broader business and technology goals?
Today, developers working in artificial intelligence (AI) and beyond are faced with challenges that impede widespread deployment of solutions that range from client and edge to data center and cloud. Intel is committed to addressing these challenges with a broad software-defined, silicon-accelerated approach that is grounded in openness, choice, trust and security.
Intel fosters an open ecosystem strategy to empower developers to innovate across all layers of the software stack; our platforms, tools and solutions are designed to lower complexity and improve productivity, portability and performance while keeping workloads secure. As part of this strategy, Intel actively participates in open source and has done so from the beginning. We believe innovation thrives in a collaborative environment.
We have been the largest corporate contributor to Linux since 2007, and a top contributor to PyTorch, TensorFlow, OpenJDK and Kubernetes. Our engineers contribute to hundreds of open source projects – most of which are done upstream and are available in downstream distros to ensure software is optimized for Intel architecture – and develop, design and release open source software to the community. With this strategy, Intel also works closely with industry groups like the Linux Foundation, AI Alliance, the LF AI & Data Foundation and the Cloud Native Computing Foundation, and adheres to their respective codes of conduct, making AI more accessible to all.
Shifting from a closed to an open source culture can be complex. What internal cultural changes did Intel embrace to support this strategy, and how does the company measure success in these cultural shifts?
An open culture has been the norm at Intel for multiple decades. We have been contributing to the GNU Compiler Collection (GCC) since 1989, and both our depth and breadth of contributions to open source projects have increased since then. Now, we contribute to 300+ open source community-managed projects and have 750+ Intel-managed open source projects.
This open culture is directly tied to our customer-first value. Intel products are available in a wide range of compute platforms including data center, cloud, client, network and edge. Our customers expect open source projects to work in the most optimal manner, out of the box. There are dedicated teams within Intel that contribute to these open source projects and ensure they can leverage the latest features of our silicon.
Employees in the company are encouraged to take different roles in an open source project. This could be the role of a maintainer, an administrative role in an open source foundation, or other chop-wood-carry-water roles that are essential to keeping open source projects running.
We also have a flourishing InnerSource practice. This allows engineers to learn the practice of open source inside the company. A unified source control system has allowed us to have a consistent security footprint across the repos, enables easier discovery, and more consistency. It provides a safe ground for developers to practice open source skills and fosters a sense of trust and collaboration amongst team members that are typical in open source projects.
In addition, engineers are encouraged to speak at annual open source conferences like KubeCon, PyTorch Conference and ApacheCon. This allows them to meet other fellow developers and come back with a renewed sense of energy for contributions to open source. You can read more at Intel’s Commitment to Open Source.
Security is often a concern with open source software. What strategies does Intel employ to ensure security within its open source projects, and how does it address security vulnerabilities?
At Intel, we continue to invest resources in the next generation of software security technologies and to advance security within the community.
We have a vibrant Open Source Program Office (OSPO). They keep track of open source consumption and production and perform risk assessments on the identified projects. This allows them to prioritize security through tracking Common Vulnerabilities and Exposures (CVEs) and establishing upgrade schedules. They provide advocacy on secure coding practices, dependency management, and choosing reliable dependencies. They work very closely with legal and security teams inside Intel to enforce these policies.
We are actively involved in Open Source Security Foundation (OpenSSF), of which Intel was a founding member. OpenSSF is a collaborative effort that brings together leaders to improve the security of open source software through the development and promotion of technologies, standards and best practices. I took over the Governing Board responsibilities for Intel over a year ago, and it’s been a unique opportunity to actively shape the direction and impact of an organization that is committed to improving the posture of open source security for all.
We actively monitor all the public repositories and ensure they are actively maintained. We have processes in place to mitigate systemic vulnerabilities in Intel-managed open source projects that might propagate into the technology ecosystem. We also run OpenSSF scorecard across all our public repositories. This automated tool uses a pre-defined set of heuristics associated with software security and provides a cumulative score across all the heuristics. These scores help us identify specific areas to improve to strengthen the security posture of ongoing projects.
Additionally, we have mature processes in place to ensure ongoing security assurance, including our Security Development Lifecycle (SDL), Product Security Incident Response Team (PSIRT) and Bug Bounty program. As new threats emerge and vulnerabilities are found, Intel remains committed to growing, adapting and relentlessly advancing security assurance through bug bounty programs, coordinated vulnerability disclosures and impactful researcher collaboration.
At Intel, we continue to broaden our software portfolio to adapt to an open source environment – enabling better security is at the forefront of this mission, alongside enhancing AI capabilities and improving performance. These advancements are aimed at providing enterprise developers with improved reliability and protection in their open ecosystems.
Generative AI (GenAI) is growing, and Intel is investing in open source AI frameworks. How does Intel approach the unique challenges of open source in GenAI, and what differentiates its approach from proprietary AI solutions?
Intel is dedicated in leading the industry through open ecosystems because we believe it is the only way to adopt AI responsibly. Proprietary AI systems restrict access to code to the company that creates it, leaving innovation up to a small number of companies with ample resources, whereas open ecosystems level that playing field. As such, Intel has embraced industry collaboration and the sharing of information to drive industry-wide technological advances forward.
In April, LF AI & Data launched the Open Platform for Enterprise AI (OPEA) to bring industry players – including Intel – together to create enterprise GenAI solutions in an open ecosystem. Now with more than 45 partners (the newest additions being AMD, ByteDance and Infosys) and 20+ GenAI use cases, the program continues to gain momentum. In September, we helped oversee the OPEA 1.0 release, which included new microservice optimizations and experiential LLM model training support, among other features.
We hope that OPEA will allow for open competition and collaboration to enable the creation of open, multi-provider, robust and composable GenAI solutions that harness the best innovation across the ecosystem. Intel’s leadership and engagement in projects like OPEA can provide the industry with standardized, secure and performant GenAI solutions that the enterprise can innovate on top of.
Open source relies heavily on collaboration. How is Intel fostering a developer-friendly environment and contributing to a vibrant ecosystem that aligns with the company’s innovation goals?
At Intel, we’re committed to expanding choice and trust for developers, and fostering an open ecosystem is the foundation of this approach. An open ecosystem helps enable many different players, including Intel, to disrupt and create new markets. Our open source contributions ensure developers can deploy solutions to any corner of the globe without vendor lock-in. This approach helps enable them to make a global impact, be more productive and drive community innovation.
We learn what developers need to innovate through a range of initiatives. For example, we engage with college students at the undergraduate and graduate level. This allows students to build necessary skills to contribute to open source projects. Students are often the most vocal champions of Intel technology and create a viral effect by sharing knowledge with others at the university.
Intel actively empowers developers by delivering content through diverse channels such as events, hackathons, workshops, tutorials, blogs, videos, podcasts and more. We meet the developers where they are and follow a methodology where a deeply technical content is delivered to developers by developers. It allows them to build solutions and gain knowledge that can be directly applied in their environment.
We apply a “think globally, act locally” philosophy as it enhances relevance and engagement by tailoring initiatives to meet the unique needs of specific communities. We have local teams in different geographic regions that help us scale the delivery of a consistent developer strategy across the world. By localizing content and experiences, developers are more easily able to connect with Intel and participate in trainings enthusiastically. Acting locally builds trust and authentic relationships, fostering a sense of community and loyalty. In addition, it enables adaptability, allowing us to respond swiftly to regional changes or trends.
Must read:
- 33 open-source cybersecurity solutions you didn’t know you needed
- 20 free cybersecurity tools you might have missed
- 15 open-source cybersecurity tools you’ll wish you’d known earlier
- 20 essential open-source cybersecurity tools that save you time