To address the ongoing concerns in the industry regarding supply chain security, AWS has announced it is increasing its investment in the Open Source Security Foundation (OpenSSF) by $10 million over the next three years.  

“Security is our top priority at AWS,” said Mark Ryland, director of the Office of the CISO at AWS. “As a result, we are committed to contributing to the quality and safety of open source software. We see great value in contributing both engineering efforts and also projects, tools, training, and guidelines to help improve the security of open source software. These efforts benefit us, our customers, and the broader community.”

OpenSSF is an initiative that is working to identify and fix security vulnerabilities in open source software. 

The goals of OpenSSF include developing improved tooling, training, research, best practice, and vulnerability disclosure practices.

In October 2021, the Linux Foundation had announced that it raised $10 million for OpenSSF from a number of companies, including Amazon. 

“This pan-industry commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” said Jim Zemlin, executive director at the Linux Foundation, back in October 2021 at the time of the initial announcement. 

In addition to increasing its investment by $10 million, AWS is also promising to commit additional engineering personnel to contribute to open source projects.