I-OpenSSF (Open Source Security Foundation) yethule iphrojekthi ye-Alpha-Omega, okuhloswe ngayo ukuthuthukisa ukuphepha kwesofthiwe yomthombo ovulekile. I-Google ne-Microsoft bazohlinzeka ngemali yokuqala eyizigidi ezi-5 zamaRandi ukuze kuthuthukiswe iphrojekthi kanye nabasebenzi ukuze baqalise lolu hlelo. Ezinye izinhlangano nazo ziyamenywa ukuba zibambe iqhaza, kokubili ngabasebenzi bonjiniyela nangoxhaso lwezimali, oluzosiza ukwandisa inani lamaphrojekthi omthombo ovulekile ahlanganiswa yilolu hlelo. Ngaphezu kwalokho, ekupheleni konyaka odlule, kwabelwa izigidi eziyishumi zamaRandi emsebenzini we-OpenSSF Foundation; ukuthi lezi zimali zizosetshenziselwa umkhankaso we-Alpha-Omega akukacaciswa yini.
Iphrojekthi ye-Alpha-Omega iqukethe izingxenye ezimbili:
- Ingxenye ye-Alpha yephrojekthi ihilela ukwenza ukuhlolwa kokuphepha okwenziwa ngesandla kwamaphrojekthi omthombo ovulekile asetshenziswa kabanzi angama-200, adume kakhulu ngokuya ngokusetshenziswa kwawo njengokuncika noma ezintweni zengqalasizinda. Lo msebenzi uzokwenziwa ngokubambisana nabanakekeli futhi uzobandakanya ukuhlaziywa kwekhodi okuhlelekile ukuze kutholakale ubungozi obusha futhi bulungiswe ngokushesha.
- Ingxenye ye-Omega igxile ekuhloleni okuzenzakalelayo kwamaphrojekthi angu-10 wemithombo evulekile edume kakhulu. Ithimba lonjiniyela elizinikele lizokwakhiwa ukuze lihlole, licwenge izindlela ezisetshenzisiwe, lihlaziye imiphumela yokuhlolwa, lidlulise ulwazi kubathuthukisi bephrojekthi, futhi lihlanganise imizamo yokubambisana yokuxazulula izinkinga ezibucayi. Umsebenzi oyinhloko waleli qembu kuzoba ukuhlunga amaphuzu angamanga nokuhlonza ubungozi bangempela emibikweni ezenzakalelayo.
Ukucwaningwa kwamabhuku okwenziwa esiteji se-Alpha kuyadingeka ukuze kukhonjwe izinkinga ezifihliwe okunzima ukuzibona ngokuhlolwa okuzenzakalelayo. Ubungozi bakamuva obubalulekile ku-Log4j, obufaka engcupheni ingqalasizinda yezinkampani ezinkulu, kushiwo njengesibonelo sezinkinga ezinjalo. Amaphrojekthi okucwaningwa kwawo azokhethwa ngokusekelwe ezincomweni ezivela kumphakathi wochwepheshe kanye nedatha evela ezilinganisweni ezihlanganiswe ngaphambilini ze-Critically Score kanye ne-Census.
Ake sikukhumbuze ukuthi i-OpenSSF Foundation yasungulwa ngaphansi kwenhlangano Linux I-OpenSSF Foundation igxile ekudalulweni kobuthakathaka okuhlelekile, ukusatshalaliswa kwama-patch, ukuthuthukiswa kwamathuluzi okuphepha, ukushicilela imikhuba emihle kakhulu yentuthuko ephephile, ukuhlonza izinsongo zokuphepha kusofthiwe yomthombo ovulekile, ukuhlola nokuqinisa amaphrojekthi abalulekile omthombo ovulekile, nokudala amathuluzi okuqinisekisa ubunikazi babathuthukisi. I-OpenSSF yakhela ezinhlelweni ezifana ne-Core Infrastructure Initiative kanye ne-Open Source Security Coalition futhi ihlanganisa eminye imisebenzi ehlobene nokuphepha eyenziwe yizinkampani ezijoyine iphrojekthi. Izinkampani ezisungule i-OpenSSF zifaka phakathi i-Google, i-Microsoft, i-Amazon, i-Cisco, i-Dell Technologies, i-Ericsson, i-Facebook, i-Fidelity, i-GitHub, i-IBM, i-Intel, i-JPMorgan Chase, i-Morgan Stanley, i-Oracle, i-Red Hat, i-Snyk, kanye ne-VMware.
Source: opennet.ru
