Open Source Security Foundation

Abbreviation: OpenSSF
Predecessor: Core Infrastructure Initiative
Formation: 2020
Type: Nonprofit
Purpose: Consolidating industry efforts to improve the security of open source software
Region served: Worldwide
Membership: 94 [1]
General Manager: Omkhar Arasaratnam
Parent organization: Linux Foundation
Website: openssf.org

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security. [2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem. [4]

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. [5] [6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager. [7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization. [8]

Activity

Working Groups and Projects

The OpenSSF houses various initiatives under its eight current working groups. [9] [10] It also houses two projects: Sigstore, a code signing and verification service, [11] and Alpha-Omega, a large-scale effort to improve software supply chain security. [12]

Policy

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. [13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments. [14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition to drive innovation at the intersection of AI and cybersecurity. [16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software. [17]

References

  1. "Members". Open Source Security Foundation. Retrieved 2023-05-22.
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". InfoQ. Retrieved 2022-08-10.
  3. "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 2022-08-10.
  4. "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". The Register. Retrieved 2023-05-22.
  6. "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.
  7. "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.
  8. danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. Retrieved 2023-05-22.
  9. Zorz, Mirko (2023-05-18). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.
  10. "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.
  11. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.
  12. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.
  13. The White House (2022-01-14). "Readout of White House Meeting on Software Security". Retrieved 2023-05-22.
  14. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.
  15. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.
  16. "DARPA AI Cyber Challenge Aims to Secure Nation's Most Critical Software". DARPA. Retrieved 2023-09-27.
  17. Vasquez, Christian (2023-09-13). "Washington summit grapples with securing open source software". CyberScoop. Retrieved 2023-09-27.