Abbreviation | OpenSSF |
---|---|
Predecessor | Core Infrastructure Initiative |
Formation | 2020 |
Type | Nonprofit |
Purpose | Consolidating industry efforts to improve the security of open source software |
Location |
|
Region served | Worldwide |
Membership | 116 [1] |
General Manager | Omkhar Arasaratnam |
Parent organization | Linux Foundation |
Website | openssf |
The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security. [2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem. [4]
The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. [5] [6]
In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager. [7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization. [8]
The OpenSSF houses various initiatives under its 10 current working groups. [9] [10] The OpenSSF also houses two projects: the code signing and verification service Sigstore [11] and Alpha-Omega, a large-scale effort to improve software supply chain security. [12]
The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. [13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments. [14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity. [16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software. [17]
The Apache HTTP Server is a free and open-source cross-platform web server, released under the terms of Apache License 2.0. It is developed and maintained by a community of developers under the auspices of the Apache Software Foundation.
The Defense Advanced Research Projects Agency (DARPA) is a research and development agency of the United States Department of Defense responsible for the development of emerging technologies for use by the military. Originally known as the Advanced Research Projects Agency (ARPA), the agency was created on February 7, 1958, by President Dwight D. Eisenhower in response to the Soviet launching of Sputnik 1 in 1957. By collaborating with academia, industry, and government partners, DARPA formulates and executes research and development projects to expand the frontiers of technology and science, often beyond immediate U.S. military requirements. The name of the organization first changed from its founding name, ARPA, to DARPA, in March 1972, changing back to ARPA in February 1993, then reverted to DARPA in March 1996.
Brian Behlendorf is an American technologist, executive, computer programmer and leading figure in the open-source software movement. He was a primary developer of the Apache Web server, the most popular web server software on the Internet, and a founding member of the Apache Group, which later became the Apache Software Foundation. Behlendorf served as president of the foundation for three years. He has served on the board of the Mozilla Foundation since 2003, Benetech since 2009, and the Electronic Frontier Foundation since 2013. Behlendorf served as the General Manager of the Open Source Security Foundation (OpenSSF) from 2021-2023 and is currently the Chief Technology Officer of the OpenSSF.
Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He is currently the chief information officer of DARPA. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.
The Linux Foundation (LF) is a non-profit organization established in 2000 to support Linux development and open-source software projects.
The open-core model is a business model for the monetization of commercially produced open-source software. The open-core model primarily involves offering a "core" or feature-limited version of a software product as free and open-source software, while offering "commercial" versions or add-ons as proprietary software. The term was coined by Andrew Lampitt in 2008.
Homeland Open Security Technology (HOST) is a five-year, $10 million program by the Department of Homeland Security's Science and Technology Directorate to promote the creation and use of open security and open-source software in the United States government and military, especially in areas pertaining to computer security.
System Package Data Exchange is an open standard capable of representing systems with digital components as bills of materials (BOMs). First designed to describe software components, SPDX can describe the components of software systems, AI models, software builds, security data, and other data packages. SPDX allows the expression of components, licenses, copyrights, security references and other metadata relating to systems.
The OpenPOWER Foundation is a collaboration around Power ISA-based products initiated by IBM and announced as the "OpenPOWER Consortium" on August 6, 2013. IBM's focus is to open up technology surrounding their Power Architecture offerings, such as processor specifications, firmware, and software with a liberal license, and will be using a collaborative development model with their partners.
Briar is an open-source software communication technology, intended to provide secure and resilient peer-to-peer communications with no centralized servers and minimal reliance on external infrastructure. Messages can be transmitted through Bluetooth, Wi-Fi, over the internet via Tor or removable storage, such as USB sticks. All communication is end-to-end encrypted. Relevant content is stored in encrypted form on participating devices. Long-term plans for the project include support for distributed applications such as crisis mapping and collaborative document editing.
Librem is a line of computers manufactured by Purism, SPC featuring free (libre) software. The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel, avoiding the Intel Active Management Technology, and gradually freeing and securing firmware. Librem laptops feature hardware kill switches for the microphone, webcam, Bluetooth and Wi-Fi.
The 2016 Cyber Grand Challenge (CGC) was a challenge created by The Defense Advanced Research Projects Agency (DARPA) in order to develop automatic defense systems that can discover, prove, and correct software flaws in real-time.
Wire is an encrypted communication and collaboration app created by Wire Swiss. It is available for iOS, Android, Windows, macOS, Linux, and web browsers such as Firefox. Wire offers a collaboration suite featuring messenger, voice calls, video calls, conference calls, file-sharing, and external collaboration – all protected by a secure end-to-end-encryption. Wire offers three solutions built on its security technology: Wire Pro – which offers Wire's collaboration feature for businesses, Wire Enterprise – includes Wire Pro capabilities with added features for large-scale or regulated organizations, and Wire Red – the on-demand crisis collaboration suite. They also offer Wire Personal, which is a secure messaging app for personal use.
PyTorch is a machine learning library based on the Torch library, used for applications such as computer vision and natural language processing, originally developed by Meta AI and now part of the Linux Foundation umbrella. It is one of the most popular deep learning frameworks, alongside others such as TensorFlow and PaddlePaddle, offering free and open-source software released under the modified BSD license. Although the Python interface is more polished and the primary focus of development, PyTorch also has a C++ interface.
The OpenBMC project is a Linux Foundation collaborative open-source project that produces an open source implementation of the baseboard management controllers (BMC) firmware stack. OpenBMC is a Linux distribution for BMCs meant to work across heterogeneous systems that include enterprise, high-performance computing (HPC), telecommunications, and cloud-scale data centers.
Software for COVID-19 pandemic mitigation takes many forms. It includes mobile apps for contact tracing and notifications about infection risks, vaccine passports, software for enabling – or improving the effectiveness of – lockdowns and social distancing, Web software for the creation of related information services, and research and development software. A common issue is that few apps interoperate, reducing their effectiveness.
GitHub Copilot is a code completion and automatic programming tool developed by GitHub and OpenAI that assists users of Visual Studio Code, Visual Studio, Neovim, and JetBrains integrated development environments (IDEs) by autocompleting code. Currently available by subscription to individual developers and to businesses, the generative artificial intelligence software was first announced by GitHub on 29 June 2021, and works best for users coding in Python, JavaScript, TypeScript, Ruby, and Go. In March 2023 GitHub announced plans for "Copilot X", which will incorporate a chatbot based on GPT-4, as well as support for voice commands, into Copilot.
OpenHarmony is a family of open-source distributed operating systems based on HarmonyOS derived from LiteOS, donated the L0-L2 branch source code by Huawei to the OpenAtom Foundation. Similar to HarmonyOS, the open-source distributed operating system is designed with a layered architecture, consisting of four layers from the bottom to the top: the kernel layer, system service layer, framework layer, and application layer. It is also an extensive collection of free software, which can be used as an operating system or in parts with other operating systems via Kernel Abstraction Layer subsystems.
Over the years, the U.S. Defense Advanced Research Projects Agency (DARPA) has conducted a number of prize competitions to spur innovations. A prize competition allows DARPA to establish an ambitious goal, which makes public way for novel approaches from the public that might otherwise appear too risky to undertake by experts in a particular discipline.
Rustls is an open-source implementation of the Transport Layer Security (TLS) cryptographic protocol written in the Rust programming language. TLS is essential to internet security, and Rustls aims to enable secure, fast TLS connections. Rustls uses Rust's enforcement of memory safety to reduce the risk of security vulnerabilities. It is part of efforts to improve internet security by replacing memory-unsafe software libraries, such as OpenSSL, with memory-safe alternatives.