Open Source Security Foundation

Last updated
Open Source Security Foundation
AbbreviationOpenSSF
Predecessor Core Infrastructure Initiative
Formation2020;4 years ago (2020)
Type Nonprofit
PurposeConsolidating industry efforts to improve the security of open source software
Location
Region served
Worldwide
Membership
94 [1]
General Manager
 Omkhar Arasaratnam
Parent organization
 Linux Foundation
Website openssf.org OOjs UI icon edit-ltr-progressive.svg

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security. [2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem. [4]

Contents

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. [5] [6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager. [7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization. [8]

Activity

Working Groups and Projects

The OpenSSF houses various initiatives under its 8 current working groups. [9] [10] The OpenSSF also houses two projects: the code signing and verification service Sigstore [11] and Alpha-Omega, a large-scale effort to improve software supply chain security. [12]

Policy

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. [13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments. [14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity. [16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software. [17]

See also

Related Research Articles

<span class="mw-page-title-main">DARPA</span> Agency of the U.S. Department of Defense

The Defense Advanced Research Projects Agency (DARPA) is a research and development agency of the United States Department of Defense responsible for the development of emerging technologies for use by the military.

<span class="mw-page-title-main">Brian Behlendorf</span> American computer programmer and executive

Brian Behlendorf is an American technologist, executive, computer programmer and leading figure in the open-source software movement. He was a primary developer of the Apache Web server, the most popular web server software on the Internet, and a founding member of the Apache Group, which later became the Apache Software Foundation. Behlendorf served as president of the foundation for three years. He has served on the board of the Mozilla Foundation since 2003, Benetech since 2009, and the Electronic Frontier Foundation since 2013. Behlendorf served as the General Manager of the Open Source Security Foundation (OpenSSF) from 2021-2023 and is currently the Chief Technology Officer of the OpenSSF.

<span class="mw-page-title-main">David Bader (computer scientist)</span> American computer scientist

David A. Bader is a Distinguished Professor and Director of the Institute for Data Science at the New Jersey Institute of Technology. Previously, he served as the Chair of the Georgia Institute of Technology School of Computational Science & Engineering, where he was also a founding professor, and the executive director of High-Performance Computing at the Georgia Tech College of Computing. In 2007, he was named the first director of the Sony Toshiba IBM Center of Competence for the Cell Processor at Georgia Tech.

<span class="mw-page-title-main">Linux Foundation</span> Non-profit technology consortium to develop the Linux operating system

The Linux Foundation (LF) is a non-profit organization established in 2000 to support Linux development and open-source software projects.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

SpiderOak Inc. is a US-based software company focused on satellite cybersecurity.

Homeland Open Security Technology (HOST) is a five-year, $10 million program by the Department of Homeland Security's Science and Technology Directorate to promote the creation and use of open security and open-source software in the United States government and military, especially in areas pertaining to computer security.

The OpenPOWER Foundation is a collaboration around Power ISA-based products initiated by IBM and announced as the "OpenPOWER Consortium" on August 6, 2013. IBM's focus is to open up technology surrounding their Power Architecture offerings, such as processor specifications, firmware, and software with a liberal license, and will be using a collaborative development model with their partners.

<span class="mw-page-title-main">Briar (software)</span> Mesh-networking and messaging app

Briar is an open-source software communication technology, intended to provide secure and resilient peer-to-peer communications with no centralized servers and minimal reliance on external infrastructure. Messages can be transmitted through Bluetooth, Wi-Fi, over the internet via Tor or removable storage, such as USB sticks. All communication is end-to-end encrypted. Relevant content is stored in encrypted form on participating devices. Long-term plans for the project include support for distributed applications such as crisis mapping and collaborative document editing.

GitLab Inc. is an open-core company that operates GitLab, a DevOps software package that can develop, secure, and operate software. The open-source software project was created by Ukrainian developer Dmytro Zaporozhets and Dutch developer Sytse Sijbrandij. In 2018, GitLab Inc. was considered to be the first partly-Ukrainian unicorn.

<span class="mw-page-title-main">GPUOpen</span> Middleware software suite

GPUOpen is a middleware software suite originally developed by AMD's Radeon Technologies Group that offers advanced visual effects for computer games. It was released in 2016. GPUOpen serves as an alternative to, and a direct competitor of Nvidia GameWorks. GPUOpen is similar to GameWorks in that it encompasses several different graphics technologies as its main components that were previously independent and separate from one another. However, GPUOpen is partially open source software, unlike GameWorks which is proprietary and closed.

<span class="mw-page-title-main">Librem</span> Computer line by Purism featuring free software

Librem is a line of computers manufactured by Purism, SPC featuring free (libre) software. The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel, avoiding the Intel Active Management Technology, and gradually freeing and securing firmware. Librem laptops feature hardware kill switches for the microphone, webcam, Bluetooth and Wi-Fi.

The 2016 Cyber Grand Challenge (CGC) was a challenge created by The Defense Advanced Research Projects Agency (DARPA) in order to develop automatic defense systems that can discover, prove, and correct software flaws in real-time.

<span class="mw-page-title-main">OpenBMC</span> Open source implementation of the Baseboard Management Controllers (BMC) Firmware Stack

The OpenBMC project is a Linux Foundation collaborative open-source project that produces an open source implementation of the baseboard management controllers (BMC) firmware stack. OpenBMC is a Linux distribution for BMCs meant to work across heterogeneous systems that include enterprise, high-performance computing (HPC), telecommunications, and cloud-scale data centers.

Microsoft, a technology company historically known for its opposition to the open source software paradigm, turned to embrace the approach in the 2010s. From the 1970s through 2000s under CEOs Bill Gates and Steve Ballmer, Microsoft viewed the community creation and sharing of communal code, later to be known as free and open source software, as a threat to its business, and both executives spoke negatively against it. In the 2010s, as the industry turned towards cloud, embedded, and mobile computing—technologies powered by open source advances—CEO Satya Nadella led Microsoft towards open source adoption although Microsoft's traditional Windows business continued to grow throughout this period generating revenues of 26.8 billion in the third quarter of 2018, while Microsoft's Azure cloud revenues nearly doubled.

The Cloud Native Computing Foundation (CNCF) is a Linux Foundation project that was started in 2015 to help advance container technology and align the tech industry around its evolution.

GitHub Copilot is a code completion tool developed by GitHub and OpenAI that assists users of Visual Studio Code, Visual Studio, Neovim, and JetBrains integrated development environments (IDEs) by autocompleting code. Currently available by subscription to individual developers and to businesses, the generative artificial intelligence software was first announced by GitHub on 29 June 2021, and works best for users coding in Python, JavaScript, TypeScript, Ruby, and Go. In March 2023 GitHub announced plans for "Copilot X", which will incorporate a chatbot based on GPT-4, as well as support for voice commands, into Copilot.

<span class="mw-page-title-main">OpenHarmony</span> Family of open-source operating systems based on OpenHarmony

OpenAtom OpenHarmony, or abbreviated as OpenHarmony (OHOS), is a family of open-source distributed operating systems based on HarmonyOS derived from LiteOS, donated the L0-L2 branch source code by Huawei to the OpenAtom Foundation. Similar to HarmonyOS, the open-source distributed operating system is designed with a layered architecture, which consists of four layers from the bottom to the top, i.e., the kernel layer, system service layer, framework layer, and application layer. It is also an extensive collection of free software, which can be used as an operating system or can be used in parts with other operating systems via Kernel Abstraction Layer subsystems.

Over the years, the U.S. Defense Advanced Research Projects Agency (DARPA) has conducted a number of prize competitions to spur innovations. A prize competition allows DARPA to establish an ambitious goal, which makes way for novel approaches from the public that might otherwise appear too risky to undertake by experts in a particular discipline.

References

  1. "Members". Open Source Security Foundation. Retrieved 2023-05-22.
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". infoq.com. Retrieved 10 August 2022.
  3. "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 10 August 2022.
  4. "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". www.theregister.com. Retrieved 2023-05-22.
  6. "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.
  7. "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.
  8. danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. Retrieved 2023-05-22.
  9. Zorz, Mirko (2023-05-18). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.
  10. "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.
  11. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.
  12. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.
  13. House, The White (2022-01-14). "Readout of White House Meeting on Software Security". The White House. Retrieved 2023-05-22.
  14. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.
  15. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.
  16. "DARPA AI Cyber Challenge Aims to Secure Nation's Most Critical Software". www.darpa.mil. Retrieved 2023-09-27.
  17. Vasquez, Christian (2023-09-13). "Washington summit grapples with securing open source software". CyberScoop. Retrieved 2023-09-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.