OpenSSF (Open Source Security Foundation) ta gabatar da aikin Alpha-Omega, da nufin inganta tsaro na buɗaɗɗen software. Za a fara saka hannun jari don bunkasa aikin a cikin adadin dala miliyan 5 da ma'aikata don kaddamar da shirin Google da Microsoft. Ana kuma ƙarfafa sauran ƙungiyoyi don shiga, ta hanyar samar da ƙwararrun injiniya da kuma a matakin kuɗi, wanda zai taimaka wajen fadada yawan ayyukan buɗaɗɗen da shirin zai rufe. Bugu da kari, a karshen shekarar da ta gabata, an ware dala miliyan 10 domin gudanar da ayyukan gidauniyar OpenSSF, ko za a yi amfani da wadannan kudade wajen shirin Alpha-Omega.
Aikin Alpha-Omega ya ƙunshi sassa biyu:
- Wani ɓangare na Alpha ya ƙunshi gudanar da binciken tsaro na hannu na ayyukan buɗaɗɗen tushe guda 200 da aka yi amfani da su sosai, waɗanda suka fi shahara don amfani da su ta hanyar dogaro ko abubuwan abubuwan more rayuwa. Za a gudanar da aikin tare da haɗin gwiwar masu kiyayewa kuma za su haɗa da bincike na tsari na lambar don gano sababbin raunin da sauri da kuma gyara su.
- Wani ɓangare na Omega yana mai da hankali kan gudanar da gwaji ta atomatik na manyan mashahuran ayyukan buɗe tushen guda dubu 10. Za a ƙirƙiri wata ƙungiyar injiniyoyi daban don gudanar da gwaji, haɓaka hanyoyin da aka yi amfani da su, nazarin sakamakon gwaji, sadar da bayanai ga masu haɓaka ayyukan da daidaita haɗin gwiwa don warware matsaloli masu mahimmanci. Babban aikin wannan ƙungiyar zai kasance ƙin yarda da halayen ƙarya da gano ainihin raunin da ke cikin rahotanni na atomatik.
Bukatar binciken bincike na hannu a matakin Alpha shine saboda buƙatar gano matsalolin ɓoye waɗanda ke da matsala don ganowa yayin gwaji ta atomatik. A matsayin misali na irin waɗannan matsalolin, an ambaci rashin lahani mai mahimmanci na kwanan nan a cikin Log4j, wanda ya lalata kayan aikin manyan kamfanoni masu yawa. Za a zaɓi ayyukan don tantancewa da la'akari da shawarwarin ƙwararrun al'umma da bayanai daga ƙima mai mahimmanci da ƙidayar ƙidayar da aka ƙirƙira a baya.
A matsayin tunatarwa, an ƙirƙiri OpenSSF a ƙarƙashin kulawar Gidauniyar Linux kuma tana mai da hankali kan aiki a cikin fagage kamar haɗaɗɗiyar bayyana rashin ƙarfi, rarraba faci, haɓaka kayan aikin tsaro, buga mafi kyawun ayyuka don ingantaccen ci gaba, gano barazanar da ke da alaƙa da tsaro a buɗe. Software, gudanar da aiki akan dubawa da ƙarfafa tsaro na mahimman ayyukan buɗaɗɗen tushe, ƙirƙirar kayan aiki don tabbatar da ainihin masu haɓakawa. OpenSSF na ci gaba da bunkasa ayyuka irin su Core Infrastructure Initiative da Open Source Security Coalition, da kuma haɗa sauran ayyukan da suka shafi tsaro da kamfanonin da suka shiga aikin suka yi. Kamfanonin kafa OpenSSF sun hada da Google, Microsoft, Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, IBM, Intel, JPMorgan Chase, Morgan Stanley, Oracle, Red Hat, Snyk da VMware.
source: budenet.ru