Open source software should soon be more secure than ever

(Image credit: Shutterstock / fatmawati achmad zaenuri)

The Linux Foundation has launched a new collaborative project designed to address security vulnerabilities in open source software, bringing together some of the most influential players in technology.

The Open Source Security Foundation (OpenSSF) will see founding members - including Microsoft, Github, Google, IBM, Red Hat and JPMorgan - combine resources to tackle various security challenges specific to the open source ecosystem.

The new entity will fold together a few different overlapping initiatives, including the Open Source Security Coalition (OSSC) and the Core Infrastructure Initiative (CII), which will now operate under the umbrella of the OpenSSF.

Check out our list of the best malware removal software out there
We've built a list of the best Linux distros right now
here's our list of the best ransomware protection services around

The CII already enjoys the backing of AWS, Cisco, Qualcomm, Intel and more (on top of the support of founding members of the OpenSSF). The main difference, under the new model, is that the project will not rely exclusively on grants, but will also be funded in part by Linux Foundation membership subs.

Open source software security

According to Mark Russinovich, Microsoft Azure CTO, the new project will allow its members to better navigate the security considerations unique to the open source ecosystem.

“Open source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. Because open source code can be copied and cloned, versioning and dependencies are particularly complex,” he wrote in a blog post.

“Open source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process.”

In light of this complexity, the new initiative is split into five working groups, each of which is responsible for a distinct aspect of open source security:

Vulnerability disclosures
Security tooling
Identifying threats to open source projects
Security best practices
Securing critical projects

Operating underneath the governing board of the new foundation, there exists a technical advisory committee and separate technical committees that oversee each working group.

The overarching hope is that, by consolidating various disparate projects and pooling resources, the OpenSSF will be able to address issues with open source security that could not otherwise be resolved.

Here's our choice of the best antivirus software right now

Via The Register

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Latest

'A whole new generation of displays': researchers develop RGB LED out of miracle material perovskite, paving the way for self sensing, solar powered displays — but its hour-long service life needs to be improved first

See more latest ►

Open source software security

Are you a pro? Subscribe to our newsletter

Most Popular