The Linux Foundation announces the establishment of the Open Source Security Foundation (OpenSSF) on its website. The new foundation aims to further consolidate industry efforts to improve the security of open-source software.
The OpenSSF is a cross-industry collaboration that seeks to bring leaders together to improve the security of Open Source Software (OSS) by building a broader community with targeted initiatives and best practices.
It combines the efforts of the Core Infrastructure Initiative, GitHub's Open Source Security Coalition, and other open source security efforts of the founding members GitHub, Google, IBM, JPMorgan Chase, Microsoft, the NCC Group, the OWASP Foundation, and Red Hat. Other founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber, and VMware.
Transparent and vendor-independent
The OpenSSF wants to bring together the industry’s most important open source security initiatives and the people and companies that support them. The Linux Foundation’s Core Infrastructure Initiative (CII), which was founded in response to the Heartbleed bug in 2014, and the Open Source Security Coalition, which is operated by the GitHub Security Lab, are just a few of the projects that are to be brought together under the OpenSSF. The management of the foundation and its decisions are to be transparent, and all specifications and projects that are developed are to be vendor-independent.
Open on GitHub
With the formalization of the group, an open management structure is to be established, which provides for a board of directors, a technical advisory board and separate supervision for each working group and each project. The OpenSSF intends to launch a variety of technical open-source initiatives to support the security of the most critical open source projects, all of which are to be conducted publicly on GitHub.