User:Llightex/Open Source Security Foundation

From Wikipedia, the free encyclopedia
Open Source Security Foundation
Abbreviation: OpenSSF
Predecessor: Core Infrastructure Initiative
Formation: 2020
Type: Nonprofit
Purpose: Consolidating industry efforts to improve the security of open source software
Region served: Worldwide
Membership: 94[1]
General Manager: Omkhar Arasaratnam
Chief Technology Officer: Brian Behlendorf
Parent organization: Linux Foundation

The Open Source Security Foundation (OpenSSF) is a cross-industry body that coordinates collaborative efforts to improve the security of open-source software.[2][3] Part of the Linux Foundation, the OpenSSF runs technical and educational initiatives aimed at the open-source software ecosystem as a whole.[4]

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[5][6] Its founding governing board members included GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, the OWASP Foundation and Red Hat.[7] Other founding members included GitLab, HackerOne, Intel, Okta, Purdue, Uber and VMware.[7]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time General Manager.[8] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new General Manager, and Behlendorf became CTO of the organization.[9]

Activity

Working Groups and Projects

The OpenSSF organizes its initiatives under working groups.[10] As of 2023 it has eight:[11]

  • Best Practices for Open Source Developers
  • Securing Software Repositories
  • End Users
  • Security Tooling
  • Identifying Security Threats in Open Source Projects
  • Supply Chain Integrity
  • Securing Critical Projects
  • Vulnerability Disclosures

The OpenSSF also hosts two standalone projects: Sigstore, a code signing and verification service,[12] and Alpha-Omega, a large-scale effort to improve software supply chain security by funding work on critical open-source projects.[13]

Policy

After the disclosure of the Log4Shell vulnerability in the Apache Log4j logging library in December 2021, the White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[14] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, at which industry participants agreed on a 10-point Open Source Software Security Mobilization Plan backed by $30 million in funding commitments.[15][16]

References

  1. "Members". Open Source Security Foundation. Retrieved 2023-05-22.
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". InfoQ. Retrieved 2022-08-10.
  3. "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 2022-08-10.
  4. "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". The Register. Retrieved 2023-05-22.
  6. "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.
  7. "Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security". Open Source Security Foundation. 2020-08-03. Retrieved 2022-08-10.
  8. "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.
  9. "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. 2023-05-12. Retrieved 2023-05-22.
  10. Zorz, Mirko (2023-05-18). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.
  11. "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.
  12. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.
  13. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.
  14. "Readout of White House Meeting on Software Security". The White House. 2022-01-14. Retrieved 2023-05-22.
  15. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.
  16. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.