The Linux Foundation has announced that it has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF). OpenSSF is a cross-industry alliance that congregates various open-source software initiatives under one umbrella to identify and solve cybersecurity vulnerabilities in open-source software and create enhanced vulnerability disclosure practices, research, training, and tooling. Brian Behlendorf, open-source luminary and the primary developer of the Apache Web server, will serve this collaborative effort as General Manager.
Commenting on the alliance's response to U.S. President Joe Biden's Cybersecurity Executive Order, Jim Zemlin, Executive Director at the Linux Foundation, stated:
This industry-wide commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit. We’re pleased to have Brian Behlendorf’s leadership and extensive expertise on building and sustaining large communities and technical projects applied to this work. With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.
The financial commitments come from a diverse set of companies across different industries, including Premier members, such as VMware, Snyk, Red Hat, Oracle, Morgan Stanley, Microsoft, JPMorgan Chase, Intel, IBM, Google, GitHub, Fidelity, Facebook, Ericsson, and Dell Technologies. Additional commitments come from General members, such as Wind River, TideLift, Nutanix, GitLab, Devgistics, Deepfence, AuriStar, Apiiro, and Anchore.
Greg Lavender, Senior Vice President, CTO, and General Manager of Software and Advanced Technology at Intel Corporation, stated:
As a long-standing member of the open source software community, Intel contributes daily in the upstream projects we collaborate with. Along with the Linux Foundation, we believe the Open Security Foundation (OpenSSF) is a unique opportunity to engage in projects and efforts focused on improving the quality and security for today and our future. Intel remains committed to providing contributions that benefit open source software supply chains and improving the security posture of critical projects on which our ecosystem depends.
According to the 2020 Open Source Security and Risk Analysis Report by Synopsys, open-source software accounts for at least 70 percent of all software. The OpenSSF provides the "natural, neutral, and pan-industry forum to accelerate the security of the software supply chain". For more information about OpenSSF and The Linux Foundation, head over to the dedicated webpages here and here, respectively.