SAN FRANCISCO, July 28, 2021 /PRNewswire/ -- OpenSSF, a
cross-industry collaboration to secure the open source ecosystem,
today announced new membership commitments to advance open source
security education and best practices. New members include
Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink,
Cybertrust Japan, OpenUK, ShiftLeft, Sonatype and Tidelift.
Open source software (OSS) has become pervasive in data centers,
consumer devices and services, reflecting its value to
technologists and businesses alike. Because of its development
process, open source passes through a chain of contributors and dependencies
before it ultimately reaches its end users. It is important that
those responsible for their users' or organization's security are
able to understand and verify the security of this dependency
supply chain.
"The massive support we're seeing for the OpenSSF and its
initiatives is a reflection of the industry-wide commitment to
secure open source software," said Kay
Williams, Governing Board Chair, OpenSSF, and Supply Chain
Security Lead, Azure Office of the CTO, Microsoft. "We welcome the
latest OpenSSF new members and look forward to their
contributions."
The new Scorecard 2.0 is also available now; it adds
new security checks, scales up the number of projects being scored,
and makes the resulting data easily accessible for analysis. The Scorecard is
gaining adoption for automating analysis and trust decisions on the
security posture of open source projects.
The OpenSSF is a cross-industry collaboration that brings
together technology leaders to improve the security of OSS. Its
vision is to create a future where participants in the open
source ecosystem use and share high quality software, with security
handled proactively, by default, and as a matter of
course. Its working groups include Securing Critical
Projects, Security Tooling, Identifying Security Threats,
Vulnerability Disclosures, Digital Identity Attestation, and Best
Practices.
OpenSSF has more than 45 members and associate members
contributing to working groups, technical initiatives and governing
board and helping to advance open source security best practices.
For more information on founding and new members, please visit:
https://openssf.org/about/members/
Membership is not required to participate in the OpenSSF. For
more information and to learn how to get involved, including
information about participating in working groups and advisory
forums, please visit https://openssf.org/getinvolved.
New Member Comments
Anchore
"As maintainers
of multiple open source projects and a vendor working to help
organizations secure their software supply chains, the current
security challenges are ever present for us. Joining the OpenSSF
enables us to work across the wider community to develop best
practices and ensure that everyone benefits from this coordinated
industry effort," said Neil Levine,
Vice President of Product at Anchore.
Cisco
"As a global technology leader, Cisco has a
responsibility to ensure the software that the world builds,
deploys, and interacts with is secure to use, without compromising
the user experience," said Stephen
Augustus, head of open source at Cisco. "Cisco is delighted
to openly collaborate with the OpenSSF member organizations to
define policy and deliver tooling that helps organizations build
and run secure applications."
Codethink
"As a software consultancy trusted by our
clients to provide impartial advice when choosing software to
depend on, and processes to adopt, Codethink is pleased to join the
OpenSSF to help to promote Open Source solutions to our clients and
secure the future of those solutions openly and collaboratively.
Codethink has long been a proponent of the use of Open Source
software in industry, and in promoting participation as a way to
mitigate risk. With the OpenSSF, we see many possible avenues to
furthering these goals to the benefit of all," said Javier Jardón,
Head of Automotive Strategy at Codethink.
Cybertrust Japan
"Cybertrust Japan, a developer of
embedded Linux for industrial use, is pleased to join the
OpenSSF based on the agreement with the activities which
continuously promote the security of OSS gathering
community-centric and cross-industry participants. We are
looking forward to contributing to open source community through
our involvement with OpenSSF and their working groups utilizing our
secure technology regarding our Linux OS for IoT devices and our
trust services that protect the IoT lifecycle with a trust chain,"
said Yasutoshi Magara, President
& CEO, Cybertrust Japan.
OpenUK
"Open Technology plays a vital role in
the global economy, powering services like cloud computing. It has
a good reputation for software quality, stability and security, but
inevitably there are issues discovered over time. Where open source
has an advantage is how organisations collaborate, improve code and
work together to manage notifications and updates to all the
community members and users involved around a project's ecosystem.
OpenUK is pleased to join the OpenSSF and help the development and
adoption of best practices for companies, communities and users
within the software supply chain," said Amanda Brock, CEO and Chief Policy Officer,
OpenUK.
ShiftLeft
"We are honored to have been accepted into
the Open Source Security Foundation, and support their vision to
create a future where participants in the open source ecosystem use
and share high quality software, with security handled proactively,
by default, and as a matter of course," said Chetan Conikee, CTO,
ShiftLeft. "Like many of our customers, ShiftLeft has benefited
greatly from leveraging open source software to build our
differentiated products and features. This new juncture further
strengthens our commitment of giving back to the community by
empowering organizations with code, enabling them with the ability
to build and run secure applications."
Sonatype
"As the maintainers of the largest
repository of open source components in Maven Central, we have a
unique view into how great the demand for open source has become in
recent years. However, as that demand has grown, bad actors have
recognized the power of open source and are seeking to use that
against the industry. As these software supply chain attacks become
more commonplace, open source developers have become the frontline
of this new battle," said Brian Fox,
CTO of Sonatype. "One of our key missions at Sonatype is to help
organizations continuously harness all of the good that open source
has to offer, without any of the risk, and OpenSSF and its members
share a similar vision. We're thrilled to officially join OpenSSF
and collectively work with other members to keep open source
ecosystems safe and secure, as we all figure out how to battle both
new and old attacks on the community."
Tidelift
"Open source has become the de facto
development platform, providing the building blocks for the
majority of modern applications. Yet most organizations struggle to
effectively manage the health and security of their open source
software supply chain. We look forward to collaborating with the
members of the OSSF and our open source maintainer partners to
proactively make open source software more secure for everyone,"
said Donald Fischer, CEO and
co-founder, Tidelift.
About the Open Source Security Foundation
(OpenSSF)
Hosted by the Linux Foundation, the OpenSSF
(launched in August 2020) is a
cross-industry organization that brings together the
industry's most important open source security initiatives and the
individuals and companies that support them. It combines the Linux
Foundation's Core Infrastructure Initiative (CII), founded in
response to the 2014 Heartbleed bug, and the Open Source Security
Coalition, founded by the GitHub Security Lab to build a community
to support open source security for decades to come. The
OpenSSF is committed to collaboration and working both upstream and
with existing communities to advance open source security for
all.
The Linux Foundation has registered trademarks and uses
trademarks. For a list of trademarks of The Linux Foundation,
please see our trademark usage page:
https://www.linuxfoundation.org/trademark-usage. Linux is a
registered trademark of Linus Torvalds.
Media Contact
Jennifer
Cloer
for the Linux Foundation
503-867-2304
jennifer@storychangesculture.com
View original content: https://www.prnewswire.com/news-releases/open-source-ecosystem-gains-new-support-for-securing-the-worlds-most-critical-and-pervasive-software-301343329.html
SOURCE OpenSSF