Linux Foundation announces new initiative to secure open-source software
The Linux Foundation said today it’s presiding over a new foundation that brings some of the world’s most important open-source security initiatives under a new umbrella.
The newly launched Open Source Security Foundation will host security projects such as the Core Infrastructure Initiative, which was set up in response to the infamous Heartbleed vulnerability discovered in the OpenSSL protocol in 2014, and the Open Source Security Coalition, founded by GitHub Inc.’s Security Lab in 2019.
OpenSSF’s founding members include some of tech’s biggest names, such as GitHub, Google LLC, IBM Corp., Intel Corp., Microsoft Corp., Red Hat Inc., Uber Technologies Inc. and VMware Inc.
The goal of OpenSSF is to simplify the industry’s open-source security efforts by bringing together its most popular projects and the companies that support them. Its founders say that open-source software has become pervasive in today’s technology, used in everything from data centers to consumer devices.
But most open-source software projects are extremely complex, with long chains of contributors and dependencies that make them difficult to secure. As a result, companies have a pressing need to understand and verify the security of these dependency chains, OpenSSF says.
OpenSSF has already established a Governing Board and Technical Advisory Council and plans to host a range of projects that aim to secure the world’s most popular open-source software. The idea is somewhat similar to that of the Cloud Native Computing Foundation, which is also hosted by the Linux Foundation and is the primary organization that fosters the development of important open-source cloud native software projects such as Kubernetes.
“We believe open source is a public good and across every industry we have a responsibility to come together to improve and support the security of open-source software we all depend on,” said Jim Zemlin, executive director at the Linux Foundation. “Ensuring open source security is one of the most important things we can do and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”
Constellation Research Inc. analyst Holger Mueller told SiliconANGLE that it’s critical to make open source software more secure as it’s one of the few areas where traditional, proprietary software assets retain an advantage.
“It’s good to see the broad support for this initiative as security cannot be delivered piecemeal,” Mueller said. “Security is too important to become complex, as otherwise the cost of adoption will be too punitive for next generation applications.”