Organization:Open Source Security Foundation

From HandWiki
Short description: Industry forum on software security
Open Source Security Foundation
OpenSSF logo.svg
AbbreviationOpenSSF
PredecessorCore Infrastructure Initiative
Formation2020; 4 years ago (2020)
TypeNonprofit
PurposeConsolidating industry efforts to improve the security of open source software
Location
Region served
Worldwide
Membership
94[1]
General Manager
Omkhar Arasaratnam
Parent organization
Linux Foundation
Website{{{1}}}

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.[2][3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.[4]

History

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[5][6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.[7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.[8]

Activity

Working Groups and Projects

The OpenSSF houses various initiatives under its 8 current working groups.[9][10] The OpenSSF also houses two projects: the code signing and verification service Sigstore[11] and Alpha-Omega, a large-scale effort to improve software supply chain security.[12]

Policy

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.[14][15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.[16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.[17]

See also

References

  1. "Members" (in en-US). https://openssf.org/about/members/. 
  2. "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". https://www.infoq.com/news/2020/08/open-source-security-foundation/. Retrieved 10 August 2022. 
  3. "Uniting for better open-source security: The Open Source Security Foundation". https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/. Retrieved 10 August 2022. 
  4. "OpenSSF details advancements in open-source security efforts" (in en-US). 2022-06-21. https://venturebeat.com/security/openssf-details-advancements-in-open-source-security-efforts/. 
  5. Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns" (in en). https://www.theregister.com/2020/08/03/linux_foundation_forms_openssf/. 
  6. "Home" (in en-US). https://www.coreinfrastructure.org/. 
  7. "Tech giants commit $10M annually to Open Source Security Foundation" (in en-US). 2021-10-13. https://venturebeat.com/business/tech-giants-commit-10m-annually-to-open-source-security-foundation/. 
  8. danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m" (in en-GB). https://fintech.global/2023/05/12/cross-industry-organisation-openssf-snaps-up-5m/. 
  9. Zorz, Mirko (2023-05-18). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges" (in en-US). https://www.helpnetsecurity.com/2023/05/18/brian-behlendorf-openssf-open-source-security/. 
  10. "OpenSSF Working Groups" (in en-US). https://openssf.org/community/openssf-working-groups/. 
  11. Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available" (in en-US). https://devops.com/sigstore-code-signing-service-becomes-generally-available/. 
  12. Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects" (in en-US). https://thenewstack.io/alpha-omega-dishes-out-cash-to-secure-open-source-projects/. 
  13. House, The White (2022-01-14). "Readout of White House Meeting on Software Security" (in en-US). https://www.whitehouse.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/. 
  14. Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022" (in en-US). https://thenewstack.io/openssf-aimed-to-stem-open-source-security-problems-in-2022/. 
  15. Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security" (in en-US). https://techcrunch.com/2022/05/16/white-house-open-source-security/. 
  16. "DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software". https://www.darpa.mil/news-events/2023-08-09. 
  17. Vasquez, Christian (2023-09-13). "Washington summit grapples with securing open source software" (in en-US). https://cyberscoop.com/openssf-open-source-security-summit/. 

External links



Retrieved from "https://handwiki.org/wiki/index.php?title=Organization:Open_Source_Security_Foundation&oldid=3397905"