Abbreviation | OpenSSF |
---|---|
Predecessor | Core Infrastructure Initiative |
Formation | 2020 |
Type | Nonprofit |
Purpose | Consolidating industry efforts to improve the security of open source software |
Region served | Worldwide |
Membership | 94[1] |
General Manager | Omkhar Arasaratnam |
Chief Technology Officer | Brian Behlendorf |
Parent organization | Linux Foundation |
The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaboration on improving open-source software security.[2][3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.[4]
The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[5][6] The list of founding governing board members includes GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat.[7] Other founding members include GitLab, HackerOne, Intel, Okta, Purdue, Uber, and VMware.[7]
In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time General Manager.[8] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new General Manager, and Behlendorf became CTO of the organization.[9]
The OpenSSF houses various initiatives under its working groups.[10] The OpenSSF currently has eight working groups:[11]
The OpenSSF also houses two projects: the code signing and verification service Sigstore[12] and Alpha-Omega, a large-scale effort to improve software supply chain security.[13]
After the Log4Shell vulnerability, the White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[14] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.[15][16]