The Linux Foundation has founded a new collaboration called the Open Source Security Foundation (OpenSSF), which is intended to improve the security of open source software (OSS) across companies and industries. According to the announcement on the Linux Foundation blog, the aim is to develop IT security best practices for open source software.
The new foundation is intended to combine the existing approaches of the Core Infrastructure Initiative (CII), the Open Source Security Coalition founded by GitHub in 2019, and other individual initiatives, and to continue them under a common roof. The founding members include, among others, GitHub, Google, IBM, JPMorgan Chase, Microsoft, the NCC Group, the OWASP Foundation and Red Hat. Further supporters include, for example, GitLab, HackerOne, Uber and VMware.
The background is the growing share of open source technology in data centers, end-user devices and services, which leads to a chain of contributors and dependencies. According to the Linux Foundation, the security officers of a company or organization need ways to understand and verify the security of these dependency chains. The OpenSSF is now meant to cover this need.
Security of open source as a public good
"Open source is a public good", the Executive Director of the Linux Foundation states. The OpenSSF is intended as a forum for community and cross-industry efforts. In 2014, the Linux Foundation founded the CII in response to the Heartbleed bug; the OpenSSF now brings together the most important open source security initiatives and the developers and companies behind them. Open governance is the motto: the technical community as well as its decisions should be transparent, and specifications and projects are required to be vendor-neutral.
Further information can be found on the Linux Foundation blog. The OpenSSF already has its own website, where interested parties can find out more.