UPDATED 12:00 EDT / OCTOBER 13 2021


Linux Foundation raises $10M to support open-source security project

The Linux Foundation today announced it had raised $10 million in new investments to expand and support its Open Source Security Foundation project.

The funding came from members of the foundation. The long lineup: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.

The Open Source Security Foundation, launched as a project of the Linux Foundation earlier this year, is a cross-industry collaboration that brings together multiple open-source software initiatives to identify and fix cybersecurity vulnerabilities in open-source software. OpenSSF also develops improved tooling, training, research, best practices and vulnerability disclosure practices.

OpenSSF hosts a variety of open-source software, open standards and other open content work for improving security. Notable among them are a Security Scorecard, a fully automated tool that assesses important checks associated with software security, and a Best Practices Badge, a set of Core Infrastructure Initiative best practices for producing higher-quality secure software.

Other offerings include security policies, a security framework to increase software supply chain integrity, free training, vulnerability disclosures, package analysis, security reviews and research.

The security issues with open-source software are well-known. Open-source software is often used in commercial software, introducing vulnerabilities. At the Black Hat Conference in August, open-source software was noted as a critical cybersecurity risk: With an ever-changing roster of open-source maintainers, security can easily fall through the cracks.

The OpenSSF offers a natural, neutral and pan-industry forum to accelerate the security of the open-source software supply chain, according to the Linux Foundation.

“This industrywide commitment is answering the call from the White House to raise the baseline for our collective cybersecurity well-being, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” Jim Zemlin, executive director at the Linux Foundation, said in a statement. “With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”
