Open Source Security Foundation

Industry forum on software security

Open Source Security Foundation

Abbreviation	OpenSSF
Predecessor	Core Infrastructure Initiative
Formation	2020; 5 years ago (2020)
Type	Nonprofit
Purpose	Consolidating industry efforts to improve the security of open source software
Location	San Francisco, United States
Region served	Worldwide
Membership	116^[1]
General Manager	Atoyeje Michael
Parent organization	Linux Foundation
Website	openssf.org Edit this at Wikidata

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.^[2]^[3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.^[4]

History

[edit ]

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.^[5]^[6]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.^[7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.^[8]

Activity

[edit ]

Working groups and projects

[edit ]

The OpenSSF houses various initiatives under its 10 current working groups.^[9]^[10] The OpenSSF also houses two projects: the code signing and verification service Sigstore^[11] and Alpha-Omega, a large-scale effort to improve software supply chain security.^[12]

Policy

[edit ]

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.^[13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received 30ドル million in funding commitments.^[14]^[15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.^[16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.^[17]

References

[edit ]

^ "Members". Open Source Security Foundation. Retrieved 2024年07月12日.
^ "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". infoq.com. Retrieved 10 August 2022.
^ "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 10 August 2022.
^ "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022年06月21日. Retrieved 2023年01月10日.
^ Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". www.theregister.com. Retrieved 2023年05月22日.
^ "Home". Core Infrastructure Initiative. Retrieved 2023年01月20日.
^ "Tech giants commit 10ドルM annually to Open Source Security Foundation". VentureBeat. 2021年10月13日. Retrieved 2023年05月22日.
^ danwillis (2023年05月12日). "Cross-industry organisation OpenSSF snaps up 5ドルm". FinTech Global. Retrieved 2023年05月22日.
^ Zorz, Mirko (2024年07月12日). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023年05月22日.
^ "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023年05月22日.
^ Vizard, Mike (2022年10月27日). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023年05月22日.
^ Vaughan-Nichols, Steven J. (2022年10月06日). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023年05月22日.
^ House, The White (2022年01月14日). "Readout of White House Meeting on Software Security". The White House. Retrieved 2023年05月22日.
^ Vaughan-Nichols, Steven J. (2023年01月24日). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023年05月22日.
^ Page, Carly (2022年05月16日). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023年05月22日.
^ "DARPA AI Cyber Challenge Aims to Secure Nation's Most Critical Software". www.darpa.mil. Retrieved 2023年09月27日.
^ Vasquez, Christian (2023年09月13日). "Washington summit grapples with securing open source software". CyberScoop. Retrieved 2023年09月27日.

External links

[edit ]

Official website
OpenSSF on GitHub

v t e Linux Foundation
Sub-foundations	Cloud Native Computing Foundation Cloud Foundry OpenJS Foundation LF Energy Presto Foundation Open Source Security Foundation Overture Maps Foundation
Initiatives	Open Container Initiative Core Infrastructure Initiative OpenAPI Initiative
Projects	Open Mainframe Project SONiC Hyperledger

v
t
e

Free and open-source software

General

AFL
Apache
APSL
Artistic
Beerware
BSD
Creative Commons
CDDL
EPL
Free Software Foundation
- GNU GPL
- GNU AGPL
- GNU LGPL
ISC
MIT
MPL
Python
Python Software Foundation License
Shared Source Initiative
Sleepycat
Unlicense
WTFPL
zlib

Types and standards	Comparison of licenses Contributor License Agreement Copyleft Debian Free Software Guidelines Definition of Free Cultural Works Free license The Free Software Definition The Open Source Definition Open-source license Permissive software license Public domain

Challenges

History

Activity

Working groups and projects

Policy

See also

References

External links