- New members include Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift
- The new Scorecard 2.0 is also available now; it adds new security checks, scales up the number of projects being scored, and makes this data easily accessible for analysis
OpenSSF, a cross-industry collaboration to secure the open source ecosystem, has announced new membership commitments to advance open source security education and best practices. New members include Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift.
Open source software (OSS) has become pervasive in data centers, consumer devices and services, reflecting its value to technologists and businesses alike. As a result, open source software passes through a chain of contributors and dependencies before it ultimately reaches its end users. It is important that those responsible for the security of their users or organization are able to understand and verify the security of this dependency supply chain.
Kay Williams, Governing Board Chair, OpenSSF, and Supply Chain Security Lead, Azure Office of the CTO, Microsoft, said, “The massive support we’re seeing for the OpenSSF and its initiatives is a reflection of the industry-wide commitment to secure open source software. We welcome the latest OpenSSF new members and look forward to their contributions.”
The new Scorecard 2.0 is also available now; it adds new security checks, scales up the number of projects being scored, and makes this data easily accessible for analysis.
The OpenSSF is a cross-industry collaboration that brings together technology leaders to improve the security of OSS. Its working groups include Securing Critical Projects, Security Tooling, Identifying Security Threats, Vulnerability Disclosures, Digital Identity Attestation, and Best Practices.