Open Source Security Foundation
Industry forum on software security
From Wikipedia, the free encyclopedia
The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.[3][4] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.[5]
| |
| Abbreviation | OpenSSF |
|---|---|
| Predecessor | Core Infrastructure Initiative |
| Formation | 2020 |
| Type | Nonprofit |
| Purpose | Consolidating industry efforts to improve the security of open source software |
| Location |
|
Region served | Worldwide |
| Membership | 116[1] |
General Manager | Steve Fernandez[2] |
Parent organization | Linux Foundation |
| Website | openssf |
History
The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[6][7]
In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.[8] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.[9]
Activity
Working groups and projects
The OpenSSF houses various initiatives under its 10 current working groups.[10][11] The OpenSSF also houses two projects: the code signing and verification service Sigstore[12] and Alpha-Omega, a large-scale effort to improve software supply chain security.[13]
Policy
The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[14] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.[15][16] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.[17] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.[18]
