Katana VentraIP

Open Source Security Foundation

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.[2][3] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.[4]

Abbreviation

OpenSSF

2020 (2020)

Consolidating industry efforts to improve the security of open source software

Worldwide

94[1]

History[edit]

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.[5][6]


In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.[7] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.[8]

Activity[edit]

Working Groups and Projects[edit]

The OpenSSF houses various initiatives under its 8 current working groups.[9][10] The OpenSSF also houses two projects: the code signing and verification service Sigstore[11] and Alpha-Omega, a large-scale effort to improve software supply chain security.[12]

Policy[edit]

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.[13] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.[14][15] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.[16] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.[17]

Computer security

Open Security Foundation

Official website

on GitHub

OpenSSF