Open Source Security Foundation Explained

Predecessor: Core Infrastructure Initiative
Abbreviation: OpenSSF
Type: Nonprofit
Purpose: Consolidating industry efforts to improve the security of open source software
Leader Title: General Manager
Leader Name: Omkhar Arasaratnam
Parent Organization: Linux Foundation
Location: San Francisco, United States
Region Served: Worldwide
Membership: 116[1]

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.[2] [3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.[4]

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[5] [6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.[7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.[8]

Activity

Working Groups and Projects

The OpenSSF houses various initiatives under its 10 current working groups.[9] [10] The OpenSSF also houses two projects: the code signing and verification service Sigstore[11] and Alpha-Omega, a large-scale effort to improve software supply chain security.[12]

Policy

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.[14] [15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition focused on innovation in AI and cybersecurity.[16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.[17]

Notes and References

  1. "Members". Open Source Security Foundation. Retrieved 2024-07-12.
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". infoq.com. Retrieved 10 August 2022.
  3. "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 10 August 2022.
  4. "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". www.theregister.com. Retrieved 2023-05-22.
  6. "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.
  7. "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.
  8. danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. Retrieved 2023-05-22.
  9. Zorz, Mirko (2024-07-12). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.
  10. "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.
  11. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.
  12. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.
  13. The White House (2022-01-14). "Readout of White House Meeting on Software Security". The White House. Retrieved 2023-05-22.
  14. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.
  15. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.
  16. "DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software". www.darpa.mil. Retrieved 2023-09-27.
  17. Vasquez, Christian (2023-09-13). "Washington summit grapples with securing open source software". CyberScoop. Retrieved 2023-09-27.