Open Source Security Foundation: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 14:27, 22 March 2021 edit BoldLuis (talk \| contribs) Extended confirmed users 6,187 edits m Undid revision 1013601716 by BoldLuis (talk) typo Tag: Undo ← Previous edit		Latest revision as of 13:50, 1 July 2025 edit undo 197.211.52.176 (talk) No edit summary Tags: Mobile edit Mobile web edit
(33 intermediate revisions by 19 users not shown)
Line 1: {{Short description\|Industry forum on software security}} {{Infobox organization \| logo = OpenSSF_logo.svg \| predecessor = [[Core Infrastructure Initiative]] \| abbreviation = OpenSSF \| formation = {{Start date and age\|2020}} \| type = [[Nonprofit organization\|Nonprofit]] ~~\| type =~~ \| purpose = Consolidating industry efforts to improve the security of open source software \| key_people = \| leader_title = General Manager \| leader_name = [[Atoyeje Michael]] \| parent_organization = [[Linux Foundation]] \| volunteers = \| slogan = Line 13 ⟶ 17: \| logo_size = \| founder = \| ___location = [[San Francisco]], [[United States]] \| region_served = Worldwide \| revenue = \| endowment = \| employees = \| membership = 116<ref>{{Cite web \|title=Members \|url=https://openssf.org/about/members/ \|access-date=2024-07-12 \|website=Open Source Security Foundation \|language=en-US}}</ref> ~~\| membership =~~ \| website = {{Official URL~~\|https://openssf.org/~~}} }} The '''Open Source Security Foundation''' ('''OpenSSF''') is a cross-industry forum for a collaborative ~~effort~~improvement ~~to improve~~of [[open -source]] [[software security]].<ref>[{{cite web\|url=https://www.infoq.com/news/2020/08/open-source-security-foundation/ \|title=Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation]\|website=infoq.com\|accessdate=10 August 2022}}</ref><ref>[{{cite web\|url=https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/ \|title=Uniting for better open-source security: The Open Source Security Foundation \| website=ZDNet\|accessdate=10 August 2022}}</ref> Part of the [[Linux Foundation]], the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.<ref>{{Cite web \|date=2022-06-21 \|title=OpenSSF details advancements in open-source security efforts \|url=https://venturebeat.com/security/openssf-details-advancements-in-open-source-security-efforts/ \|access-date=2023-01-10 \|website=VentureBeat \|language=en-US}}</ref> ==History== The list of founding governing board members includes [[GitHub]], [[Google]], [[IBM]], [[JPMorgan Chase]], [[Microsoft]], [[NCC Group]], [[OWASP\|OWASP Foundation]] and [[Red Hat]].<ref name="openssf">[https://openssf.org/press-release/2020/08/03/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security/ Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security - Open Source Security Foundation]</ref> Other founding members include [[GitLab]], [[HackerOne]], [[Intel]], [[Okta (identity management)\|Okta]], [[Purdue]], [[Uber]], [[WhiteSource]], and [[VMware]].<ref name="openssf" /> The OpenSSF was formed in August 2020 as the successor to the [[Core Infrastructure Initiative]], another Linux Foundation project.<ref>{{Cite web \|last=Anderson \|first=Tim \|title=Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns \|url=https://www.theregister.com/2020/08/03/linux_foundation_forms_openssf/ \|access-date=2023-05-22 \|website=www.theregister.com \|language=en}}</ref><ref>{{Cite web \|title=Home \|url=https://www.coreinfrastructure.org/ \|access-date=2023-01-20 \|website=Core Infrastructure Initiative \|language=en-US}}</ref> In October 2021, [[Brian Behlendorf]] was announced as the OpenSSF's first full-time general manager.<ref>{{Cite web \|date=2021-10-13 \|title=Tech giants commit $10M annually to Open Source Security Foundation \|url=https://venturebeat.com/business/tech-giants-commit-10m-annually-to-open-source-security-foundation/ \|access-date=2023-05-22 \|website=VentureBeat \|language=en-US}}</ref> In May 2023, OpenSSF announced [[Omkhar Arasaratnam]] as its new general manager, and Behlendorf became CTO of the organization.<ref>{{Cite web \|last=danwillis \|date=2023-05-12 \|title=Cross-industry organisation OpenSSF snaps up $5m \|url=https://fintech.global/2023/05/12/cross-industry-organisation-openssf-snaps-up-5m/ \|access-date=2023-05-22 \|website=FinTech Global \|language=en-GB}}</ref> ==Activity== ===Working Groups and Projects=== The OpenSSF houses various initiatives under its 10 current working groups.<ref>{{Cite web \|last=Zorz \|first=Mirko \|date=2024-07-12 \|title=Enhancing open source security: Insights from the OpenSSF on addressing key challenges \|url=https://www.helpnetsecurity.com/2023/05/18/brian-behlendorf-openssf-open-source-security/ \|access-date=2023-05-22 \|website=Help Net Security \|language=en-US}}</ref><ref>{{Cite web \|title=OpenSSF Working Groups \|url=https://openssf.org/community/openssf-working-groups/ \|access-date=2023-05-22 \|website=Open Source Security Foundation \|language=en-US}}</ref> The OpenSSF also houses two projects: the code signing and verification service Sigstore<ref>{{Cite web \|last=Vizard \|first=Mike \|date=2022-10-27 \|title=Sigstore Code Signing Service Becomes Generally Available \|url=https://devops.com/sigstore-code-signing-service-becomes-generally-available/ \|access-date=2023-05-22 \|website=DevOps.com \|language=en-US}}</ref> and Alpha-Omega, a large-scale effort to improve software supply chain security.<ref>{{Cite web \|last=Vaughan-Nichols \|first=Steven J. \|date=2022-10-06 \|title=Alpha-Omega Dishes out Cash to Secure Open Source Projects \|url=https://thenewstack.io/alpha-omega-dishes-out-cash-to-secure-open-source-projects/ \|access-date=2023-05-22 \|website=The New Stack \|language=en-US}}</ref> ===Policy=== The [[White House]] held a meeting on software security with government and private sector stakeholders on January 13, 2022.<ref>{{Cite web \|last=House \|first=The White \|date=2022-01-14 \|title=Readout of White House Meeting on Software Security \|url=https://bidenwhitehouse.archives.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/ \|access-date=2023-05-22 \|website=The White House \|language=en-US}}</ref> In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.<ref>{{Cite web \|last=Vaughan-Nichols \|first=Steven J. \|date=2023-01-24 \|title=OpenSSF Aimed to Stem Open Source Security Problems in 2022 \|url=https://thenewstack.io/openssf-aimed-to-stem-open-source-security-problems-in-2022/ \|access-date=2023-05-22 \|website=The New Stack \|language=en-US}}</ref><ref>{{Cite web \|last=Page \|first=Carly \|date=2022-05-16 \|title=Tech giants pledge $$ to boost open source software security \|url=https://techcrunch.com/2022/05/16/white-house-open-source-security/ \|access-date=2023-05-22 \|website=TechCrunch \|language=en-US}}</ref> In August 2023, the OpenSSF served as an advisor for [[DARPA]]'s AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.<ref>{{Cite web \|url=https://www.darpa.mil/news-events/2023-08-09 \|access-date=2023-09-27 \|website=www.darpa.mil\|title=DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software}}</ref> In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.<ref>{{Cite web \|last=Vasquez \|first=Christian \|date=2023-09-13 \|title=Washington summit grapples with securing open source software \|url=https://cyberscoop.com/openssf-open-source-security-summit/ \|access-date=2023-09-27 \|website=CyberScoop \|language=en-US}}</ref> ==See also== {{Portal\|Free and open-source software}} * [[~~Open-source software~~Computer security]] * [[~~The~~Open ~~Linux~~Security Foundation]] [[Open Security Foundation]] ==References== Line 36 ⟶ 53: ==External links== {{Official website\|https://openssf.org/}} {{GitHub\|ossf\|OpenSSF}} [https://github.com/ossf Open Source Security Foundation (OpenSSF) · GitHub] {{Linux Foundation}} {{FLOSS}} [[Category:Free software project foundations based in the United States]] [[Category:Organizations established in 2020]]