The OpenSSF project is established, focused on improving the security of open source software

The Linux Foundation has announced the formation of a new joint project, OpenSSF (Open Source Security Foundation), designed to unite the work of leading industry representatives in improving the security of open source software. OpenSSF will continue to develop initiatives such as the Infrastructure Initiative and the Open Source Security Coalition, and will integrate other security-related work undertaken by the project participants.

The founding members of OpenSSF include GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, the OWASP Foundation and Red Hat. GitLab, HackerOne, Intel, Uber, VMware, ElevenPaths, Okta, Purdue, SAFECode, StackHawk and Trail of Bits have joined as members.

It is noted that open source software is now widely used across many areas of industry, but because of how it is developed, its security depends on a chain of dependencies and development participants. Confirming the security of an open project therefore requires verifying not only the main code but also its dependencies, establishing the identity of the developers whose code is accepted into the project, and ensuring reliable authentication during reviews and commits. In addition, security requires the use of secure build systems and verification of the builds they produce.

OpenSSF's work will focus on areas such as coordinated disclosure of vulnerability information and distribution of patches, development of security tools, publication of best practices for organizing secure development, identifying security-related threats in open source software, auditing and strengthening the security of critical open projects, and creating tools for verifying developer identities.

Source: opennet.ru