SAN FRANCISCO, Aug. 17, 2022 The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world's most important software supply chain security initiatives, on Wednesday announced 13 new members from leading financial services, technology, employment, software development, cybersecurity, telecommunications, and academic sectors.
New premier member, Capital One, joins the OpenSSF Governing Board. New general member commitments come from Akamai, Indeed, Kasten by Veeam, Scantist, SHE BASH, Socket Security, Sysdig, Timesys, and ZTE Corporation. New associate members include Eclipse Foundation, Purdue University, and TODO Group. "We are excited to welcome new members to the OpenSSF," says Brian Behlendorf, General Manager of OpenSSF. "As open source software security vulnerabilities continue to draw attention from governments and businesses around the world, interest in the work of the OpenSSF has been rapidly increasing."
"A growing community of organizations, developers, researchers, and security professionals are investing the time and resources needed to strengthen open source security," said Jamie Thomas, OpenSSF Board Chair and IBM Enterprise Security Executive. "New members of OpenSSF are joining at a time when cross-industry collaboration and innovation are needed more than ever to proactively respond to pervasive cybersecurity threats."
Resolving the systemic issues that led to major security vulnerabilities like the Log4shell incident emphasizes the urgency and importance of the work of OpenSSF. A recent Cyber Safety Review Board report declared that Log4j has become an "endemic vulnerability" that will be exploited for years to come and that the 10-point mobilization plan introduced earlier this year at the Open Source Software Security Summit II by the OpenSSF will improve the resiliency and security of open source software.
OpenSSF will host a full day of sessions on Tuesday, Sept. 13, at OpenSSF Day EU on the eve of Open Source Summit Europe (OSS EU) in Dublin. Working Group leaders and community members will host sessions, panels, and fireside chats about ongoing work to secure the software supply chain and the future of open source security. Registration and attendance are free for all those attending the OSS EU.
Premier Member Quote
Capital One
"Today some of the most groundbreaking digital experiences created for customers are based on open source software. As a company that widely adopts this technology, Capital One is incredibly proud to join the OpenSSF and the world's technology leaders as we collaborate to strengthen the software security supply chain. As a highly regulated company, we are seasoned in managing compliance and governance and advocate for standardization, automation and collaboration. We look forward to working together to identify solutions that advance the OpenOSSF mission and give back to the open source community."
General Member Quotes
Akamai
"Improving the security of open source software so central to the internet ecosystem is one of the most critical security challenges we face today. Only by gaining visibility into the network and the software supply chain can we reliably address security flaws when they occur at the code level. The technology community must support the open source communities we depend on with financial and technological resources to limit our collective risk. As a leading security and cloud services provider, we look forward to contributing to the Open Source Security Foundation and helping to advance this important work."
Kasten by Veeam
"We are honored to be part of the Open Source Security Foundation (OpenSSF) and champion this initiative alongside our peers. Kasten by Veeam has an open source heritage, and with Kubernetes data protection as our core offering, security remains a critical underpinning for Kasten K10 design and implementation. As Kubernetes adoption continues to fuel Digital Transformation journeys for enterprises, more attention is rightfully being placed on security, especially with the inexorable rise of ransomware attacks. Kasten by Veeam is committed to ensuring the security and data protection of cloud native environments to better protect business applications."
Scantist
"On one hand, the software industry is benefiting substantially from the rapid growth of open source, which has become the basic building blocks of the digital world. On the other hand, open source security is becoming more critical and all these risks are multiplied by the interdependent nature of open source. Now as a member of OpenSSF, we would like to contribute to the OpenSSF missions based on our recent research on open source ecosystem analysis to provide a quantitative view to understand the complexity and security of open source. We want to become the active participant, evangelist and ambassador for OSS governance in southeast Asia to promote open source software supply chain security."
SHE BASH
"Since our inception, SHE BASH has witnessed a variety of predatory industry practices that get shielded from extensive scrutiny via the protective veil of closed source. At our core, open source software is a public institution that enables everyone to build their future.
"The combination of decades of apathy and the incentive mechanisms that sustain a culture of 'don't care' has allowed our company to stand out among tech's largest and most culpable companies. We have always considered 'best practice first' as one of the main value propositions we can provide as a company, albeit a small one. Open Source Software provided us the level playing field to make differences in key technological shifts within the public sector, and the evolution of these shifts are the development of best practices born from the open source that sustains all software life today. It's a true honor to be of assistance to the work OpenSSF is leading to remedy large structural mistakes that grew from decades of neglect."
Socket Security
"As maintainers of open source packages which are installed over 1 billion times per month, the Socket team is intimately familiar with the massive growth in open source dependency usage. Modern applications use thousands of dependencies written by hundreds of maintainers, and installing even one package leads to dozens of transitive dependencies coming along for the ride. Unfortunately, it is far too easy for a bad actor to infiltrate the software supply chain and wreak havoc. That's why Socket is proud to join OpenSSF and do our part to make open source safe for everyone with our industry-leading approach to software composition analysis which is used by thousands of companies to detect and prevent supply chain attacks. The Socket team is excited to work with other OpenSSF member companies to safeguard the open source ecosystem for everyone."
Sysdig
Sysdig is proud to be part of OpenSSF and work together to help guide open source security standards and secure the software supply chain. As a cloud security company built on open source, we believe the industry must come together to strengthen software for the common good. Having created and contributed Falco to the CNCF to help secure the runtime, we look forward to continuing open collaboration in the OpenSSF. The future of security is open, and what we do now will shape software forever."
Timesys
"With software supply chain breaches up more than 650%, securing the software supply chain is a big focus. We've been working for more than 5 years developing technology to help secure, monitor, and maintain open source-based embedded Linux and Android devices from exposures and vulnerabilities. We are so excited to be joining up on this community effort with OpenSSF and to be a part of the Linux Foundation again. By sharing technology and collaborating to build ecosystems that accelerate open-source technology development, device manufacturers and consumers everywhere will be able to rest easier knowing they are secure."
ZTE Corporation
"We are very pleased to join the OpenSSF. As a world-leading communication equipment manufacturer, more and more open source software is used by us. While actively embracing open source software, it also brings unprecedented risks to software supply chain security. ZTE Corporation has made many efforts to control and manage risks, and regard them as our top priority. After joining the OpenSSF, ZTE Corporation works with a group of members with similar visions and goals to promote the development of open source software supply chain towards a more secure direction."
Additional Resources
About OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry's most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at: openssf.org.
About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world's leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world's infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation's methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The rest is here:
OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain - DARKReading
- Labour frontbencher advocates for open source software and regulatory innovation - Computing - February 9th, 2024
- Open Source Software: Meaning, Importance, and Examples | Spiceworks - Spiceworks News and Insights - February 9th, 2024
- Office of National Cyber Director Issues 2023 Year-End Report on Open Source Software Security Initiative - Executive Gov - February 1st, 2024
- 40 Must-Have Free Open Source Software for 2023 - Tecmint - October 16th, 2023
- What Is Open Source Software and How Does It Work? | Synopsys - March 5th, 2023
- 15 Best Open Source Software You Must Try in 2023 - Turing - February 25th, 2023
- Cyber Security Today, Feb. 24, 2023 Holes in open source software, ransomware gang tries to evade cyber insurers and more - IT World Canada - February 25th, 2023
- What is Open Source Software? - SourceForge Articles - February 15th, 2023
- About the Open Source Initiative | Open Source Initiative - December 28th, 2022
- Comparison of free and open-source software licenses - December 20th, 2022
- Building an open source software community - SAS Users - December 4th, 2022
- The US Securing Open Source Software Act of 2022 is a step in the right direction - TechCrunch - November 25th, 2022
- Microsoft: Hackers are using open source software and fake jobs in ... - November 17th, 2022
- Open Source Software Directory - OSSD - October 23rd, 2022
- Source Code for Open Source Software Components - Oracle - October 15th, 2022
- We dont teach developers how to write secure software Linux Foundations David A Wheeler on reversing the CVE surge - The Daily Swig - October 15th, 2022
- Learn Linux online for free with Linux Foundation Courses from edX - TechRepublic - October 15th, 2022
- The Blockchain Sector is growing with the help of Open-Source Technology - Wales 247 - October 15th, 2022
- GCHQ chief warns of Chinese . US open source software bill advances. Financial Stability Board on crypto regulation. - The CyberWire - October 15th, 2022
- When transparency is also obscurity: The conundrum that is open-source security - Help Net Security - October 7th, 2022
- You thought you bought software all you bought was a lie - The Register - October 7th, 2022
- Linux Foundation Energy Gains More Industry Support to Drive the Energy Transition - PR Newswire - October 7th, 2022
- State of Open Source Survey By OpenLogic To Take Place In 2023 - Open Source For You - September 29th, 2022
- 15-Year-Old Python Vulnerability Still Affects Over 350,000 Open-Source Projects - Spiceworks News and Insights - September 29th, 2022
- How Can Open Source Sustain Itself without Creating Burnout? - thenewstack.io - September 29th, 2022
- OpenAI opens doors to DALL-E after the horse has bolted to Midjourney and others - The Register - September 29th, 2022
- Red Hat And NdcTech Collaborate To Deliver Solutions Based On Open Source - Open Source For You - September 21st, 2022
- Paladin Cloud Joins the Cloud Native Computing Foundation - GlobeNewswire - September 21st, 2022
- Open Source Software - W3 - September 13th, 2022
- Understanding the hows and whys of open source audits - Security Boulevard - September 13th, 2022
- New Metaverse Track at O3DCon to Tackle Big Questions and Practical Applications of Emerging Graphical Technology - PR Web - September 13th, 2022
- TechOps is a mess: Open source is the solution - BetaNews - September 13th, 2022
- Rezilion Recognized as SBOM Tool Provider in Gartner Emerging Technologies Trend Report on Software Bills of Materials (SBOM) USA - English - USA -... - September 13th, 2022
- Open Security: The next step in the evolution of cybersecurity - SC Media - September 13th, 2022
- 11 Interesting Firefox Add-ons to Improve Your Browsing Experience - It's FOSS - September 13th, 2022
- why the giants fight over open source - Gearrice - September 5th, 2022
- Compare Files in Linux With These Tools - It's FOSS - September 5th, 2022
- Microsoft and ByteDance are collaborating on a big AI project, even as US-China rivalry heats up - CNBC - August 28th, 2022
- How W4 plans to monetize the Godot game engine using Red Hats open source playbook - TechCrunch - August 20th, 2022
- Secure Open Source Rewards' to help in preventing assaults on the software supply chain. Check out how! - Economic Times - August 20th, 2022
- Free Dev Tools! But Whats the Catch? - DevOps.com - August 20th, 2022
- This Company is Aiming to Do to the Guest what VMWare and AWS Did to the Host - GeekWire - August 20th, 2022
- What Is Open-Source Software? (Definition and Examples) - August 12th, 2022
- What is open source software? | IBM - August 12th, 2022
- 55+ Best Open Source PC Software for almost Everything - August 12th, 2022
- 80 percent of enterprises use open source software and nearly all worry about security - BetaNews - August 12th, 2022
- The US Military Should Red-Team Open Source Code - Defense One - August 12th, 2022
- Boeing joins the ELISA Project as a Premier Member to Strengthen its Commitment to Safety-Critical Applications - PR Newswire - August 12th, 2022
- Looking for simplicity in the cloud? The future is going to be open and hybrid - The Register - August 12th, 2022
- AAIS & The Linux Foundation Welcome Jefferson Braswell as openIDL Project Executive Director - The Bakersfield Californian - August 4th, 2022
- Wicked Good Development Episode 13: Hacks and Ax, July Edition - Security Boulevard - August 4th, 2022
- Microsoft changes its policy against the sale of open source software in the Microsoft Store - BetaNews - July 26th, 2022
- BMW Group Joins the Linux Foundation's Yocto Project - PR Newswire - July 18th, 2022
- Free and Open Source Software (FOSS) - UNESCO - July 9th, 2022
- Know Your Enemy and Yourself: A Deep Dive on CISA KEV - Security Boulevard - June 29th, 2022
- CD Foundation Announces State of CD in 2022 Report, Opens Third Annual cdCon with New Project CDEvents, New... - DevOps.com - June 10th, 2022
- Samsung teams up with Red Hat for memory software development - The Korea Herald - May 25th, 2022
- OpenSSF Helping to Secure Open Source Software - ITPro Today - May 25th, 2022
- Only Microsoft can give open-source the gift of NTFS. Only Microsoft needs to - The Register - May 11th, 2022
- Protestware: what organisations should be aware of when using open source software - Lexology - May 11th, 2022
- This Week in Washington IP: Open Source Cybersecurity Solutions, Civil Capabilities for Space Situational Awareness and Using AI for Effective RegTech... - May 11th, 2022
- Red Hat Expands Capabilities to Provide Streamlined Application Development and Delivery in the Cloud - Business Wire - April 28th, 2022
- Industry 4.0 why smart manufacturing is moving closer to the edge - The Register - April 28th, 2022
- Open source software and DevOps: What are they, and how can your business benefit? - SmartCompany - April 13th, 2022
- Truist Joins the Open Invention Network - GlobeNewswire - April 13th, 2022
- OpenMetal Joins the Open Infrastructure Foundation - PR Newswire - April 13th, 2022
- An Early Test of The Adams Administration's Values and Tech Prowess - Gotham Gazette - April 13th, 2022
- Open Source Software Faces Threats of Protestware and Sabotage - WIRED - April 1st, 2022
- The Promise of Open Source Code and the Paradox of ProtestWare - Security Boulevard - April 1st, 2022
- Software Composition Analysis Market to Witness Massive Growth by 2029 | Open Source Software, Oracle, Smartbear Software - Digital Journal - April 1st, 2022
- Why now is the time to host your code in the cloud - TechRadar - April 1st, 2022
- Those looking for clues to Googles search demise are asking the wrong question - TechRepublic - April 1st, 2022
- Open Source Sabotage Incident Hits Software Supply Chain | eSecurityPlanet - eSecurity Planet - January 15th, 2022
- Open-source software and threats to critical infrastructure. - The CyberWire - January 15th, 2022
- Google wants secure open-source software to be the future - TechRadar - January 15th, 2022
- Baumer, Infineon, Qualcomm Innovation Center, Percepio and Silicon Labs Select Zephyr RTOS for their Next Generation of Products and Solutions - Yahoo... - January 15th, 2022
- How Open Source Is Shaping The World Around Us - Outlook India - December 19th, 2021
- The Projects and People That Shaped Security in 2021 The New Stack - thenewstack.io - December 19th, 2021
- Log4j: Where's Fancy Bear been? Right there, choppin' lumber... - The CyberWire - December 19th, 2021
- Aqua Security acquires Argon to protect the software supply chain - VentureBeat - December 6th, 2021