The Linux Foundation aims to improve open source software security
Open source software has become commonplace in all sorts of environments. But its very nature means that those responsible for their users' or organization's security need to be able to understand and verify its security.
Today The Linux Foundation is announcing the formation of the Open Source Security Foundation (OpenSSF). This is a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices.
The OpenSSF combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others. Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.
"We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on," says Jim Zemlin, executive director at The Linux Foundation. "Ensuring open source security is one of the most important things we can do and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort."
The formal creation of the group includes setting up a Governing Board, a Technical Advisory Council and separate oversight for each working group and project. OpenSSF intends to host a variety of open source technical initiatives to support security for the world's most critical open source software, all of which will be done in the open on GitHub.
You can find out more about the project and how to get involved on the OpenSSF site.