Joining Microsoft in the Open Source Security Foundation (OSSF) are Red Hat, Google, JPMC, IBM, NCC Group, and OWASP Foundation. Microsoft’s own GitHub is also a part of the group. Announced Monday, the collective of tech companies is also joined by the JPMorgan Chase banking firm. The foundation as a whole is hosted at the Linux Foundation.
In the announcement, the group said the intention is to connect and secure software by leveraging the Linux Foundation. For example, the “Core Infrastructure Initiative (CII)” and the “GitHub-initiated Open Source Security Coalition (OSSC)” are part of the initiative.
In a confirmation post, Microsoft’s chief technology officer Mark Russinovich says the foundation will “improve the security of open source software by building a broader community, targeted initiatives and best practices.” “Given the complexity and communal nature of open source software, building better security must also be a community-driven process.”
Securing Open Source Projects
For a list of current projects being looked at by the Open Source Security Foundation, head to the official GitHub page.
Russinovich explains that securing open source software can benefit every company in the foundation, as well as users: “Open source software is core to nearly every company’s technology strategy and securing it is an essential part of securing the supply chain for every company, including our own. With the ubiquity of open source software, attackers are currently exploiting vulnerabilities across a wide range of critical services and infrastructure, including utilities, medical equipment, transportation, government systems, traditional software, cloud services, hardware and IoT.”