Open Source Security Foundation: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:37, 4 August 2023 edit Pabsoluterince (talk \| contribs) Extended confirmed users, Pending changes reviewers 4,114 edits m rewording first sentence ← Previous edit		Latest revision as of 13:50, 1 July 2025 edit undo 197.211.52.176 (talk) No edit summary Tags: Mobile edit Mobile web edit
(19 intermediate revisions by 14 users not shown)
Line 1: {{Short description\|Industry forum on software security}} ~~{{Paid contributions\|date=August 2023}}~~ {{Infobox organization \| logo = OpenSSF_logo.svg \| predecessor = [[Core Infrastructure Initiative]] \| abbreviation = OpenSSF \| formation = {{Start date and age\|2020}} Line 10 ⟶ 9: \| key_people = \| leader_title = General Manager \| leader_name = ~~Omkhar~~[[Atoyeje ~~Arasaratnam~~Michael]] ~~\| leader_title2 = Chief Technology Officer~~ ~~\| leader_name2 = [[Brian Behlendorf]]~~ \| parent_organization = [[Linux Foundation]] \| volunteers = Line 20 ⟶ 17: \| logo_size = \| founder = \| ___location = [[San Francisco]], [[United States]] \| region_served = Worldwide \| revenue = \| endowment = \| employees = \| membership = 94116<ref>{{Cite web \|title=Members \|url=https://openssf.org/about/members/ \|access-date=~~2023~~2024-0507-2212 \|website=Open Source Security Foundation \|language=en-US}}</ref> \| website = {{Official URL}} }} The '''Open Source Security Foundation''' ('''OpenSSF''') is a cross-industry forum for collaborative improvement of [[open-source software security]].<ref>{{cite web\|url=https://www.infoq.com/news/2020/08/open-source-security-foundation/\|title=Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation\|website=infoq.com\|accessdate=10 August 2022}}</ref><ref>{{cite web\|url=https://www.zdnet.com/article/uniting-for-better-open-source-security-the-open-source-security-foundation/\|title=Uniting for better open-source security: The Open Source Security Foundation\|website=ZDNet\|accessdate=10 August 2022}}</ref> Part of the [[Linux Foundation]], the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.<ref>{{Cite web \|date=2022-06-21 \|title=OpenSSF details advancements in open-source security efforts \|url=https://venturebeat.com/security/openssf-details-advancements-in-open-source-security-efforts/ \|access-date=2023-01-10 \|website=VentureBeat \|language=en-US}}</ref> ==History== Line 34 ⟶ 31: The OpenSSF was formed in August 2020 as the successor to the [[Core Infrastructure Initiative]], another Linux Foundation project.<ref>{{Cite web \|last=Anderson \|first=Tim \|title=Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns \|url=https://www.theregister.com/2020/08/03/linux_foundation_forms_openssf/ \|access-date=2023-05-22 \|website=www.theregister.com \|language=en}}</ref><ref>{{Cite web \|title=Home \|url=https://www.coreinfrastructure.org/ \|access-date=2023-01-20 \|website=Core Infrastructure Initiative \|language=en-US}}</ref> In October 2021, [[Brian Behlendorf]] was announced as the OpenSSF's first full-time ~~General~~general ~~Manager~~manager.<ref>{{Cite web \|date=2021-10-13 \|title=Tech giants commit $10M annually to Open Source Security Foundation \|url=https://venturebeat.com/business/tech-giants-commit-10m-annually-to-open-source-security-foundation/ \|access-date=2023-05-22 \|website=VentureBeat \|language=en-US}}</ref> In May 2023, OpenSSF announced [[Omkhar Arasaratnam]] as its new ~~General~~general ~~Manager~~manager, and Behlendorf became CTO of the organization.<ref>{{Cite web \|last=danwillis \|date=2023-05-12 \|title=Cross-industry organisation OpenSSF snaps up $5m \|url=https://fintech.global/2023/05/12/cross-industry-organisation-openssf-snaps-up-5m/ \|access-date=2023-05-22 \|website=FinTech Global \|language=en-GB}}</ref> ==Activity== Line 40 ⟶ 37: ===Working Groups and Projects=== The OpenSSF houses various initiatives under its 810 current working groups.<ref>{{Cite web \|last=Zorz \|first=Mirko \|date=~~2023~~2024-0507-1812 \|title=Enhancing open source security: Insights from the OpenSSF on addressing key challenges \|url=https://www.helpnetsecurity.com/2023/05/18/brian-behlendorf-openssf-open-source-security/ \|access-date=2023-05-22 \|website=Help Net Security \|language=en-US}}</ref><ref>{{Cite web \|title=OpenSSF Working Groups \|url=https://openssf.org/community/openssf-working-groups/ \|access-date=2023-05-22 \|website=Open Source Security Foundation \|language=en-US}}</ref> The OpenSSF also houses two projects: the code signing and verification service [[Sigstore]]<ref>{{Cite web \|last=Vizard \|first=Mike \|date=2022-10-27 \|title=Sigstore Code Signing Service Becomes Generally Available \|url=https://devops.com/sigstore-code-signing-service-becomes-generally-available/ \|access-date=2023-05-22 \|website=DevOps.com \|language=en-US}}</ref> and Alpha-Omega, a large-scale effort to improve software supply chain security.<ref>{{Cite web \|last=Vaughan-Nichols \|first=Steven J. \|date=2022-10-06 \|title=Alpha-Omega Dishes out Cash to Secure Open Source Projects \|url=https://thenewstack.io/alpha-omega-dishes-out-cash-to-secure-open-source-projects/ \|access-date=2023-05-22 \|website=The New Stack \|language=en-US}}</ref> ===Policy=== ~~After the~~The [[~~Log4Shell]] vulnerability, the~~ White House]] held a meeting on software security with government and private sector stakeholders on January 13, 2022.<ref>{{Cite web \|last=House \|first=The White \|date=2022-01-14 \|title=Readout of White House Meeting on Software Security \|url=https://~~www~~bidenwhitehouse.~~whitehouse~~archives.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/ \|access-date=2023-05-22 \|website=The White House \|language=en-US}}</ref> In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.<ref>{{Cite web \|last=Vaughan-Nichols \|first=Steven J. \|date=2023-01-24 \|title=OpenSSF Aimed to Stem Open Source Security Problems in 2022 \|url=https://thenewstack.io/openssf-aimed-to-stem-open-source-security-problems-in-2022/ \|access-date=2023-05-22 \|website=The New Stack \|language=en-US}}</ref><ref>{{Cite web \|last=Page \|first=Carly \|date=2022-05-16 \|title=Tech giants pledge $$ to boost open source software security \|url=https://techcrunch.com/2022/05/16/white-house-open-source-security/ \|access-date=2023-05-22 \|website=TechCrunch \|language=en-US}}</ref> In August 2023, the OpenSSF served as an advisor for [[DARPA]]'s AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.<ref>{{Cite web \|url=https://www.darpa.mil/news-events/2023-08-09 \|access-date=2023-09-27 \|website=www.darpa.mil\|title=DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical Software}}</ref> In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.<ref>{{Cite web \|last=Vasquez \|first=Christian \|date=2023-09-13 \|title=Washington summit grapples with securing open source software \|url=https://cyberscoop.com/openssf-open-source-security-summit/ \|access-date=2023-09-27 \|website=CyberScoop \|language=en-US}}</ref> ==See also== Line 61 ⟶ 58: {{FLOSS}} [[Category:Free software project foundations based in the United States]] [[Category:Organizations established in 2020]]