![]() | |
Abbreviation | OpenSSF |
---|---|
Predecessor | Core Infrastructure Initiative |
Formation | 2020 |
Type | Nonprofit |
Purpose | Consolidating industry efforts to improve the security of open source software |
Location |
|
Region served | Worldwide |
Membership | 116 [1] |
General Manager | Atoyeje Michael |
Parent organization | Linux Foundation |
Website | openssf |
The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security. [2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem. [4]
The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. [5] [6]
In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager. [7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization. [8]
The OpenSSF houses various initiatives under its 10 current working groups. [9] [10] The OpenSSF also houses two projects: the code signing and verification service Sigstore [11] and Alpha-Omega, a large-scale effort to improve software supply chain security. [12]
The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. [13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments. [14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity. [16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software. [17]