Tech companies set up a foundation for securing open source software

Several tech companies, including Microsoft, Red Hat and IBM, have co-founded the Open Source Security Foundation with the Linux Foundation. This foundation will work to make open source software safer through the use of tools and standards.

The OpenSSF is derived from the already existing Open Source Security Coalition. The OSSC members continue in the OpenSSF. The new foundation has been established and is financially supported by the Linux Foundation. In addition to Microsoft, Red Hat and IBM, the co-founders are also GitHub, Google, JP Morgan Chase, the NCC Group, Okta and Owasp.

According to the organization, OpenSSF will initially focus on identifying the biggest security issues for open source software. After that, the foundation will update existing security standards and set up new standards. Tools and metrics are also set up and policies are drawn up for, for example, unlocking software vulnerabilities.

There are various committees within the foundation. Initially, it concerns five groups that focus on security tools, responsible disclosure of vulnerabilities, tracing possible dangers, drawing up large projects and best practices.

According to Microsoft, one of the founders, the initiative is important because open source software can be vulnerable because of the open community. “Open source software is inherently community-driven, so there is no central authority to provide quality and maintenance. Because source code is so easier to copy and clone, it is often complex. In addition, attackers can themselves. maintainers from projects and deploy malware, ”the company says.