- It will combine efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members
- The Linux Foundation added that with the formalisation of the group, the open governance structure is established
The Linux Foundation has announced the formation of the Open Source Security Foundation (OpenSSF). According to the Linux Foundation, it is a cross-industry collaboration that will bring together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices.
It will combine efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members like GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others. It added that additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.
It said, “Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, are just a couple of the projects that will be brought together under the new OpenSSF. The Foundation’s governance, technical community and its decisions will be transparent, and any specifications and projects developed will be vendor agnostic. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.”
Open governance structure
The Linux Foundation added that with the formalisation of the group, the open governance structure is established. It includes a Governing Board (GB), a Technical Advisory Council (TAC) and a separate oversight for each working group and project. It added that OpenSSF intends to host a variety of open source technical initiatives to support security for the world’s most critical open source software. All of this will be done in the open on GitHub.
Jim Zemlin, executive director at The Linux Foundation said, “We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open source software we all depend on. Ensuring open source security is one of the most important things we can do, and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”