Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security

New Open Source Security Foundation (OpenSSF) collaboration strengthens industry efforts for open source software security

SAN FRANCISCO, August 3, 2020 /PRNewswire/ – The Linux Foundation today announced the creation of the Open Source Security Foundation (OpenSSF). OpenSSF is a cross-sectoral collaboration that brings together open source software (OSS) security leaders by building a broader community with specific projects and best practices. It combines the efforts of the Central Infrastructure Initiative, the GitHub Open Source Security Coalition, and other open source security work through founding members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, and Red Hat, among others. Other founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.

Open source software is ubiquitous in data centers, devices, and customer services, and is valued by technologists and businesses alike. Because of its development process, the open source that eventually reaches end users has a chain of participants and dependencies. It is vitally important that those responsible for protecting their users or organization are able to understand and verify the security of this dependency chain.

OpenSSF combines the industry’s leading open source security projects and the individuals and companies that integrate them. The Linux Foundation’s Central Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded through the GitHub Security Laboratory, are just a few of the projects that will be combined as part of the new OpenSSF. The Foundation’s governance, technical community and decisions will be transparent, and the specifications and projects developed will be vendor-neutral. OpenSSF is committed to working together, upstream and with existing communities, to promote open source security for all.

“We believe that open source is a smart audience and in each and every sector we have a duty to come together to improve and help the security of open source software that we all depend on,” said Jim Zemlin, CEO of the Linux Foundation. “Ensuring the security of open source is one of the greatest vital things we can do, and it forces us all, around the world, to make a contribution to this effort. OpenSSF will provide this forum for collaboration and a sectoral effort.”

With the formalization of the organization, an open governance structure is established that includes a Governing Board (GB), a Technical Advisory Council (TAC) and separate oversight for each organization and project under way. OpenSSF intends to host a variety of open source technical projects to support the security of the world’s most critical open source software, all of which will be carried out in the open on GitHub.

For more information and to make a contribution to the project, visit https://openssf.org

Threats, Risk and Mitigation Resources for Open Source Ecosystems, Open Source Security Coalition

Vulnerabilities at the Core, Harvard Innovation Science Lab and Linux Foundation

Red Hat Product Security Risk Report, Red Hat

Board Quotes

GitHub “All industries use open source software, and it is our collective duty to help maintain a healthy and safe ecosystem,” said Jamie Cool, vice president of product management and security at GitHub. “GitHub founded the Open Source Security Coalition in 2019 to bring industry leaders together around this project and ensure that the addition of open source software is something that all developers can do with confidence. We look to the next step in the evolution of the coalition and as a founding member of the Open Source Security Foundation.”

Learn more on the GitHub blog.

Google “Security is a priority for Google and our users. We have developed physically powerful internal security equipment and systems for internal consumption of open source software, for our users and for our OSS products. We believe in creating safer products for everyone with powerful impacts, and we’re excited to paint with the widest network paints through OpenSSF. We look forward to sharing our inventions and executing them in combination to improve the security of open source software that we all rely on,” said Google Cloud Director of Product Security James Higgins.

IBM “Open source has become commonplace in the enterprise. As such, open source chain security is of paramount importance to IBM and our customers,” said Christopher Ferris, a member of IBM and CTO Open Technology. “The launch of The Open Source Security Foundation marks a vital step in providing open source communities with the data and equipment they want for their secure engineering practices, and data developers want to decide wisely about their open source.”

JPMorgan Chase “The development, creation and use of open source software is a very sensible priority for JPMorgan Chase. We are committed to working with the network through the Open Source Security Foundation to ensure that open source software for everything is accepted as true and secure,” said Lori Beer, global information director at JPMorgan Chase.

Microsoft “With open source now at the heart of the generation strategy of almost every single company, securing open source software is an essential component to securing the source chain of each and every company, adding ours,” said Mark Russinovich, Chief Technology Officer at Microsoft Azure. “As with open source, creating greater security is a network-led process. At Microsoft, we are delighted to be a founding member of the Open Source Security Foundation and look forward to creating components with the network to create new security responses that will help all of us.”

Learn more on the Microsoft blog.

NCC Group “Internet security and privacy are essential for the coverage of critical people, organizations and infrastructure, as well as for the long term of democracy and our civil liberties. Given the basic role that open source plays in powering our world, creating scalable resources and teams to help software maintainers, developers, and users perceive and the security of their projects is a vital step toward a safer and more secure world. Together, we can begin to repair, or even save, security vulnerabilities on a scale that was not possible in the past,” said Jennifer Fernick, head of studies at the NCC Group specializing in global cybersecurity.

OWASP “Joining Linux Foundation and Open Source Security Foundation is at the heart of our project to advance the state of application security, especially since OpenSSF is already aligned with OWASP’s core philosophies of openness, transparency and innovation,” said Andrew van der Stock, OWASP’s CEO, the Open Web Application Security project. “We look forward to running with all organizations compromised the state of software security and running in combination on projects of important interest to software developers, organizations, and governments around the world.”

Red Hat “Red Hat is relentless in its commitment to open source and its participation in the good fortunes of initial assignments. We believe that protection is an essential component of healthy allocation communities,” said Chris Wright, Red Hat’s chief technology officer. “Now is the time for us to join other leaders than ever before to make sure key assignments are secure and usable across our products, across businesses, and in the hybrid cloud. We are very happy to help you create this Open Source Software Foundation.”

Additional Quotes from Founding Members

ElevenPaths “The security of a corporate application or service is primarily based on the security of all its parties. The vast majority of commercial programs and installations are not fully developed internally because they use open source parts that help improve the progression cycle and extend its functionality. Therefore, it is imperative to ensure that all open source parts comply with the most productive practices in safe progression and periodic reviews are performed to have a positive effect on all software that uses “Join Open Source Security The Foundation is fully aligned with our vision and principles.”

GitLab “GitLab is very happy to play a role in creating the Open Source Security Foundation (OpenSSF) to deepen cross-sectoral collaboration and promote the security of open source projects, as it is the key to the long term of technology,” said David DeSanto, Product Manager of Secure and Defend at GitLab. “According to GitLab’s ‘everyone can contribute’ project, we look forward to supporting and contributing to the network to bring a combination of security-conscious developers to replace open source progression in a collaborative and basic way.”

HackerOne “Open Source Software Drives HackerOne,” said Reed Loden, Director of Open Source Security at HackerOne. “Having interaction with our network fuels our software, infrastructure and style. As a component of our project to make the Internet more secure, we need to make the security of open source projects less difficult. For more than 3 years, we have provided The Open Source Network is our flexible platform and for a long time we have supported projects like Bug Bounty Internet. Joining the Linux Foundation and the Open Source Security Foundation allows us to continue our project and make the Internet more secure. Some of the biggest visionaries in security. We look forward to seeing the replacement we can do together.”

Intel “The industry wants to combine paints to advance generation and drive open source security initiatives. Hardware and software are inextricably connected to ensure the security, transparency, and acceptance of open source software. With OpenSSF, Intel will continue to play a key role in mobilizing the industry as a total and resolving cloud security issues on the edge,” said Anand Pashupathy, Intel’s Managing Director of Systems Security Software.

SAFECode “Open source software is a major component of the current software source chain and therefore represents a significant fraction of the software on which Americans and organizations depend. Supporting the secure progression of open source software is vitally important to SAFECode members and the software network,” said Steve Lipner, CEO of SAFECode. “We look to the future to harness our software security joy as we participate in the Open Source Security Foundation project to create a cross-sectoral collaborative network for open source software security.”

StackHawk “The use of open source has certainly reached a critical mass, with dependency trees and increasing software complexity. Equipping engineering groups to deliver secure programs in an undeniable and scalable manner is at the heart of our StackHawk project. Extremely happy to be one of the founding members of the Open Source Security Foundation to make sure this can be a real software progression and we look forward to continue the partnership with the community,” said Joni Klippert, founder and CEO of StackHawk.

Uber “Security and privacy are at the heart of Uber’s considerations to ensure that we are guilty administrators of our users’ data. We focus on mitigating all types of software vulnerabilities and, as such, the security of open source software is a very sensible priority. Historically, we have worked with other industry leaders to help build a strong safety net around open source software and are excited to expand those efforts with OpenSSF,” said Rob Fletcher, senior director of security engineering.

VMware “Strengthening the posture, policies and security processes in the open network and in widely used open projects strengthens the entire software ecosystem, for all players,” said Joshua Lock, Head of Security Technologies, Open Source Technology Center, VMware. “VMware strongly supports the purpose of making our software ecosystem more resilient and secure.”

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world leader in collaboration on open source software, open standards, open knowledge, and open hardware. Linux Foundation projects are essential to global infrastructure, including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s approach focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, visit linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of The Linux Foundation trademarks, please visit our Trademark Usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact: Jennifer Cloerre, THINKit

View the original content to download multimedia: http://www.prnewswire.com/news-releases/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security-301104545.html

SOURCE The Linux Foundation
