OpenSSF Formed to Improve Security of Open Source Software

The Linux Foundation has launched a new collaborative open source project called Open Source Security Foundation (OpenSSF), which brings together community efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and industry leaders including IBM, Red Hat, Microsoft, Google, and VMware, among others.

The OpenSSF aims to improve the security of open source software by building a broader community, identifying best practices, and hosting open source technical initiatives on GitHub.

“It will start with a focus on metrics, tooling, best practices, developer identity validation and vulnerability disclosures best practices. In the future, there is a plan to focus resources on the most mission-critical software identified by Harvard’s Lab for Innovation Science,” the website states.

The OpenSSF also identifies a set of core values that will guide the foundation’s work, including:

  • Public good
  • Openness and transparency
  • Maintainers first
  • Diversity, inclusion, and representation
  • Empathy

“Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. … Given the complexity and communal nature of open source software, building better security must also be a community-driven process,” Mark Russinovich, Chief Technology Officer, Microsoft Azure, said.