Open Source Security Foundation to receive $10M annually from Tech giants

The announcement comes at a time when software supply chain attacks have surged, prompting President Joe Biden to issue an executive order back in May outlining measures to improve the nation’s cybersecurity defenses, including securing the open source software used within federal information systems.

The Linux Foundation has received a $10 million annual commitment from across the technology, finance, telecom, and cybersecurity industries to secure the software supply chain. The recurring investment will be targeted at the Open Source Security Foundation (OpenSSF), a cross-industry collaboration initiative launched by the Linux Foundation last August, and will be funded by most of its member organizations including Amazon, Facebook, Google, Microsoft, Ericsson, JPMorgan Chase, Red Hat, Dell, and Oracle.

Open source pioneer Brian Behlendorf, the principal creator of the now-omnipresent Apache web server, will now also head up the OpenSSF as its full-time general manager, tasked in the first instance with building an “effective and collaborative community.”

“My job will always be to channel the energy, enthusiasm, and resources of the individuals and organizations converging on OpenSSF into one community, into our existing working groups and projects, and into creating new projects as the opportunities and needs arise,” Behlendorf told VentureBeat.

Attacks go upstream

It is well documented that open source codebases contain myriad vulnerabilities. But as enterprise developers have become better at keeping their software up to date with the latest components, attackers have apparently moved further “upstream,” closer to where the source code originates, so that malicious code planted there propagates to the broader supply chain downstream. A recent report from Sonatype, a software composition analysis (SCA) platform that companies use to scan their codebases for security and compliance shortfalls, found that these so-called “next generation” software supply chain attacks increased 650% in 2021.

“Adversary attacks on popular open source code are on the rise,” Behlendorf said. “If a popular open source component has a new vulnerability discovered in it, thousands of organizations could become vulnerable through that attack vector all at once.”

There has been a marked increase in open source security activities in recent times, particularly from within “big tech,” which relies heavily on open source libraries and components. Earlier this year, Google revealed it would fund Linux kernel developers, for example, before going on to unveil a $10 billion cybersecurity commitment to support President Biden’s executive order. In the months that followed, the internet giant revealed it was sponsoring the Open Source Technology Improvement Fund (OSTIF), which is concerned with conducting security reviews in select critical open source software projects. And a couple of weeks back, Google committed $1 million to a new Linux Foundation open source security rewards program.

The OpenSSF had minimal funding for its first year in operation, something that was “not even close” to what it needed to have any meaningful impact, according to Behlendorf. “This new effort remedies that,” Behlendorf said. “In its first year, it was able to establish six critical working groups focused on providing education around secure coding practices, as well as improving automation, prioritization, and remediation of open source software vulnerabilities — the new funding will further enhance each of these efforts and support the formation of additional working groups.”

What’s perhaps most notable about the OpenSSF, beyond the $10 million cash injection it now has at its disposal, is the cross-industry input it has from some of the world’s biggest companies. This reflects how pervasive open source software is: the vast majority of software contains at least some open source components, and the vulnerabilities they carry make no distinction between the industries that use them. Put simply, open source software affects everyone. “Developers are no longer coding 100% of their applications from scratch, and now heavily rely on these open source software components to bring new capabilities to market sooner,” Behlendorf said. “Industry has recognized that not all open source components are created equal and that they must incorporate only the safest, highest quality open source in their applications.”
