Linux Foundation raises $10M to support open-source security project
The funding came from members of the foundation. The long lineup: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.
The Open Source Security Foundation, launched as a project of the Linux Foundation earlier this year, is a cross-industry collaboration that brings together multiple open-source software initiatives to identify and fix cybersecurity vulnerabilities in open-source software. OpenSSF also develops improved tooling, training, research, best practices and vulnerability disclosure practices.
OpenSSF hosts a variety of open-source software, open standards and other open content work for improving security. Notable among them are a Security Scorecard, a fully automated tool that assesses important checks associated with software security, and a Best Practices Badge, a set of Core Infrastructure Initiative best practices for producing higher-quality secure software.
Other offerings include security policies, a security framework to increase software supply chain integrity, free training, vulnerability disclosures, package analysis, security reviews and research.
The security issues with open-source software are well-known. Open-source software is often used in commercial software, introducing vulnerabilities. At the Black Hat Conference in August, open-source software was noted as a critical cybersecurity risk: With an ever-changing roster of open-source maintainers, security can easily fall through the cracks.
The OpenSSF offers a natural, neutral and pan-industry forum to accelerate the security of the open-source software supply chain, according to the Linux Foundation.
“This industrywide commitment is answering the call from the White House to raise the baseline for our collective cybersecurity well-being, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” Jim Zemlin, executive director at the Linux Foundation, said in a statement. “With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”