Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 History 2 Activity 2.1 Working Groups and Projects 2.2 Policy 3 See also 4 References 5 External links

User:Llightex/Open Source Security Foundation

●User page ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●User contributions ●User logs ●View user groups ●Upload file ●Special pages ●Permanent link ●Page information ●Get shortened URL ●Download QR code Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia < User:Llightex

Open Source Security Foundation

Abbreviation	OpenSSF
Predecessor	Core Infrastructure Initiative
Formation	2020; 4 years ago (2020)
Type	Nonprofit
Purpose	Consolidating industry efforts to improve the security of open source software
Location	San Francisco, United States
Region served	Worldwide
Membership	94^[1]
General Manager	Omkhar Arasaratnam
Chief Technology Officer	Brian Behlendorf
Parent organization	Linux Foundation

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for a collaborative effort to improve open-source software security.^[2]^[3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.^[4]

History[edit]

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.^[5]^[6] The list of founding governing board members includes GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat.^[7] Other founding members include GitLab, HackerOne, Intel, Okta, Purdue, Uber, and VMware.^[7]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time General Manager.^[8] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new General Manager, and Behlendorf became CTO of the organization.^[9]

Activity[edit]

Working Groups and Projects[edit]

The OpenSSF houses various initiatives under its working groups.^[10] The OpenSSF currently has eight working groups:^[11]

Best Practices for Open Source Developers
Securing Software Repositories
End Users
Security Tooling
Identifying Security Threats in Open Source Projects
Supply Chain Integrity
Securing Critical Projects
Vulnerability Disclosures

The OpenSSF also houses two projects: the code signing and verification service Sigstore^[12] and Alpha-Omega, a large-scale effort to improve software supply chain security.^[13]

Policy[edit]

After the Log4Shell vulnerability, the White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.^[14] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.^[15]^[16]

References[edit]

^ "Members". Open Source Security Foundation. Retrieved 2023-05-22.

^ "Google, Microsoft, GitHub, and Others Join the Open Source Security Foundation". infoq.com. Retrieved 10 August 2022.

^ "Uniting for better open-source security: The Open Source Security Foundation". ZDNet. Retrieved 10 August 2022.

^ "OpenSSF details advancements in open-source security efforts". VentureBeat. 2022-06-21. Retrieved 2023-01-10.

^ Anderson, Tim. "Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns". www.theregister.com. Retrieved 2023-05-22.

^ "Home". Core Infrastructure Initiative. Retrieved 2023-01-20.

^ ^a ^b "Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security - Open Source Security Foundation". openssf.org. 3 August 2020. Retrieved 10 August 2022.

^ "Tech giants commit $10M annually to Open Source Security Foundation". VentureBeat. 2021-10-13. Retrieved 2023-05-22.

^ danwillis (2023-05-12). "Cross-industry organisation OpenSSF snaps up $5m". FinTech Global. Retrieved 2023-05-22.

^ Zorz, Mirko (2023-05-18). "Enhancing open source security: Insights from the OpenSSF on addressing key challenges". Help Net Security. Retrieved 2023-05-22.

^ "OpenSSF Working Groups". Open Source Security Foundation. Retrieved 2023-05-22.

^ Vizard, Mike (2022-10-27). "Sigstore Code Signing Service Becomes Generally Available". DevOps.com. Retrieved 2023-05-22.

^ Vaughan-Nichols, Steven J. (2022-10-06). "Alpha-Omega Dishes out Cash to Secure Open Source Projects". The New Stack. Retrieved 2023-05-22.

^ House, The White (2022-01-14). "Readout of White House Meeting on Software Security". The White House. Retrieved 2023-05-22.

^ Vaughan-Nichols, Steven J. (2023-01-24). "OpenSSF Aimed to Stem Open Source Security Problems in 2022". The New Stack. Retrieved 2023-05-22.

^ Page, Carly (2022-05-16). "Tech giants pledge $$ to boost open source software security". TechCrunch. Retrieved 2023-05-22.

External links[edit]

Linux Foundation

Sub-foundations

Initiatives

Projects

Free and open-source software

General

Types and
standards

Challenges