The extended Berkeley Packet Filter, which can run sandboxed programs in an operating system kernel, is moving beyond Linux. Credit: Thinkstock Companies including Microsoft, Google, and Facebook are backing an initiative to promote the extended Berkley Packet Filter (eBPF), technology that enables developers to safely embed programs in any piece of software including operating system kernels. Hosted by the Linux Foundation, the new eBPF Foundation, which was unveiled August 12, plans to expand eBPF and extend it beyond Linux. The eBPF Foundation will be the home for eBPF open source projects and drive adoption of eBPF and participation in the eBPF community. Other founding members include Netflix and Isovalent. With origins in the Linux kernel, eBPF enables running of sandboxed programs in an OS kernel, with kernel capabilities extended without changing kernel source code or loading kernel modules. It is becoming the method of choice for a range of infrastructure cases, the Linux Foundation said. Facebook, for example, has been using eBPF in its primary software-defined load balancer in its data centers while Google has used eBPF-based networking and security with managed Kubernetes offerings GKE and Anthos, via Cilium eBPF technology. Positioned as changing the way operating systems and infrastructure services are designed, eBPF bridges the boundary between kernel and user space. It is considered a leap forward in open source technology for networking, security, application profiling and tracing, and system observability use cases. With eBPF, the OS kernel becomes programmable, enabling infrastructure software to leverage existing layers, making them more intelligent, scalable, and feature-rich while not adding additional layers of complexity to the system. Software DevelopmentSecurityTechnology IndustryOpen SourceSmall and Medium Business