Open Source Security Foundation

Last updated
Open Source Security Foundation
AbbreviationOpenSSF
Predecessor Core Infrastructure Initiative
Formation2020;5 years ago (2020)
Type Nonprofit
PurposeConsolidating industry efforts to improve the security of open source software
Location
Region served
Worldwide
Membership116 [1]
General Manager
 Atoyeje Michael
Parent organization
 Linux Foundation
Website openssf.org OOjs UI icon edit-ltr-progressive.svg

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security. [2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem. [4]

Contents

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. [5] [6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager. [7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization. [8]

Activity

Working Groups and Projects

The OpenSSF houses various initiatives under its 10 current working groups. [9] [10] The OpenSSF also houses two projects: the code signing and verification service Sigstore [11] and Alpha-Omega, a large-scale effort to improve software supply chain security. [12]

Policy

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. [13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments. [14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity. [16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software. [17]

See also

References

  1. "Members". Open Source Security Foundation. Retrieved 2024-07-12.
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". infoq.com. Retrieved 10 August 2022.
  3. "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 10 August 2022.
  4. "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". www.theregister.com. Retrieved 2023-05-22.
  6. "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.
  7. "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.
  8. danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. Retrieved 2023-05-22.
  9. Zorz, Mirko (2024-07-12). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.
  10. "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.
  11. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.
  12. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.
  13. House, The White (2022-01-14). "Readout of White House Meeting on Software Security". The White House. Retrieved 2023-05-22.
  14. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.
  15. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.
  16. "DARPA AI Cyber Challenge Aims to Secure Nation's Most Critical Software". www.darpa.mil. Retrieved 2023-09-27.
  17. Vasquez, Christian (2023-09-13). "Washington summit grapples with securing open source software". CyberScoop. Retrieved 2023-09-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.