Securing Open Source Code with the Linux Foundation – Security Boulevard

Today we are pleased to announce an important step in our mission to secure code. We have made a sizable contribution to the LFX Security module at the Linux Foundation, which now includes automatic scanning for secrets in code and for non-inclusive language. The contribution was announced on stage at the Linux Foundation Member Summit today in Napa.

LFX is a free, community resource that provides security and other services to open source developers and projects. Tens of millions of developers rely on projects hosted across the LFX platform, so in short, our alliance with the Linux Foundation means we can do a lot of good for a lot of developers. And since over 99% of all codebases contain some open source code, it's absolutely vital to give these developers the best tools to secure their code if we want to make a dent in code security.

At BluBracket we know how important it is to prevent secrets from ending up in code. And when it's open source code used by millions downstream, it's even more crucial.
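What "automatic scanning for secrets in code" means in practice, shown as an added illustration that is not LFX Security's or BluBracket's own code: a scanner that combines known-format patterns with a Shannon-entropy check over long tokens, so it catches both credentials with a documented shape (an AWS access key ID, a PEM private-key header) and random-looking tokens with no fixed prefix. The generic "token = ..." assignment pattern, the 4.5 bits-per-character threshold, and the sample file contents are assumptions constructed for this example.

```python
"""Minimal secrets-in-code scanner (added illustration, not LFX or BluBracket code).

Two complementary detectors:
  1. known-format patterns (AWS access key ID, PEM private-key header, and a
     heuristic "secret-looking assignment" pattern), and
  2. Shannon entropy of long base64/hex-like tokens, which flags random
     strings that no fixed pattern would recognise.
"""
import math
import re
import sys
from collections import Counter

# Known formats. The AWS access key ID shape (AKIA + 16 uppercase alphanumerics)
# and the PEM header are documented; the assignment pattern is a heuristic
# chosen for this example.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Candidates for the entropy check: long runs of base64/hex/identifier characters.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 4.5  # bits per character; tuning assumption for this example


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Never echo the full secret into logs or CI output; show a short prefix only."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_text(text: str):
    """Return (line_number, finding_kind, redacted_value) for each hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append((lineno, kind, redact(m.group(0))))
        for m in TOKEN_RE.finditer(line):
            token = m.group(0)
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_string", redact(token)))
    return findings


# Constructed sample file contents; the AWS value is Amazon's documented
# placeholder key ID, and the token is a made-up string of 36 distinct characters.
SAMPLE = """\
# constructed sample, not real credentials
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
token = "Ab3dEf7hJk9mNp2qRs5tUv8wXy1zC4gHi6oL"
this_is_a_long_variable_name_with_low_entropy = 1
-----BEGIN RSA PRIVATE KEY-----
"""


def main(argv):
    """Scan files named on the command line, or the built-in sample if none given."""
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in argv[1:]]
    if not sources:
        sources = [("<sample>", SAMPLE)]
    hits = 0
    for name, text in sources:
        for lineno, kind, shown in scan_text(text):
            print(f"{name}:{lineno}: {kind}: {shown}")
            hits += 1
    return 1 if hits else 0  # non-zero exit so a pre-commit hook or CI job fails


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the built-in sample it reports the key ID on line 2, both the assignment and the high-entropy token on line 3, and the PEM header on line 5, while leaving the long but low-entropy identifier on line 4 alone. Two caveats apply to any scanner of this kind: the pattern list is never complete, and the entropy check will flag hashes and base64 blobs, so expect to maintain an allowlist; and once a secret has been committed, removing it from the tree is not enough, because git history still contains it, so the credential has to be rotated.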

Why did we make this contribution? The security of our software supply chain must become a priority for all of us. As we've seen with high-profile attacks, hackers are going after code and becoming ever more sophisticated in their attacks on open source in order to get into commercial products. We must arm open source projects with the absolute best technology to keep their code safe, and we believe our contributed IP, combined with the vulnerability detection capabilities provided by Snyk and the Linux Foundation's own engineering team, does exactly that.

Our contribution also helps projects quickly and easily find and replace non-inclusive language such as master/slave so projects can remain welcoming. Working with the Inclusive Naming Initiative, we are proud of how this tool has already been used by projects to address this thorny issue.

We look forward to continued collaboration with the open source community on code security. As we work with these projects, we also expect to see innovation and improvements travel downstream to our corporate clients, which should result in enhanced code security up and down the software supply chain.

LFX Security is free and available for use today at https://lfx.linuxfoundation.org/tools/security/

*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by blubracket. Read the original post at: https://blubracket.com/open-source-code-linux-foundation/
