[an error occurred while processing the directive]
RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Open Source Security Foundation OpenSSF

Company

Content

Owners

+ Nadella Satya (Satya Nadella)

History

2020: Creation of the organization

At the beginning of August, 2020 Microsoft, Google, Red Hat, IBM and several other technology companies started  the Open Source Security Foundation organization  (OpenSSF)  which participants will deal with security issues of the open source software. This alliance is created under Linux Foundation wing.

The main objective of OpenSSF is that to simplify efforts of the industry on protection of the products Open Source, having integrated the most popular projects and the companies involved in these initiatives. Founders of OpenSSF note what software with open source codes became the widespread phenomenon in the technology industry and is used everywhere: from data centers to the consumer equipment.

Microsoft, Google and IBM created the organization for protection of the open source software against viruses

As explained in Microsoft,  the open community in the absence of the uniform center which is responsible for  its quality and  maintenance is engaged in development of software of Open Source. And  as the source code is exposed to copying and  modification, process of management of versions  becomes complicated and increases risk of implementation of harmful elements. It causes need of creation by common efforts of methods of increase in security of the open source software, noted in the company.

Under OpenSSF aegis , in particular, the Core Infrastructure Initiative project which became reaction to  opening in   2014 to notorious vulnerability of Heartbleed in  the Open SSL protocol  and also the Open Source Security Coalition organization founded in   2019   at the initiative of GitHub Security laboratory passes.

In addition, it is going to use when developing the open source software the protected assembly systems. OpenSSF will work on the coordinated disclosure of information on vulnerabilities, development of instruments of security and mechanisms of protection of software against viruses.[1]

Notes