The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices.
According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all as open-source software has become more pervasive in data centers, consumer devices, and services.
In addition, projects such as The Linux Foundation’s Core Infrastructure Initiative (CII), which was created in response to the 2014 HeartBleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, will be brought together under the new OpenSSF.
“We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on,” said Jim Zemlin, the executive director at The Linux Foundation. “Ensuring open source security is one of the most important things we can do and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”
Initial members include efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.
OpenSSF intends to host a variety of open source technical initiatives to support security for the world’s most critical open source software, all of which will be done in the open on GitHub, the Linux Foundation stated.
More details on the initiatives are available here.