The Linux Foundation announced today that it has raised $10 million in new investments to expand and support its Open Source Security Foundation project.
Funding was provided by members of the foundation. The long list: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.
The Open Source Security Foundation, launched earlier this year as a Linux Foundation project, is a cross-industry collaboration bringing together several open source software initiatives to identify and fix cybersecurity vulnerabilities in open source software. OpenSSF is also developing improved tools, training, research, best practices and procedures for vulnerability disclosure.
OpenSSF hosts a variety of open source software, open standards, and other open content works to improve security. Two deserve special mention: Security Scorecard, a fully automated tool that evaluates key checks related to software security, and the Best Practices Badge, a set of best practices from the Core Infrastructure Initiative for producing high-quality, secure software.
Additional offerings include security policies, a security framework to improve the integrity of the software supply chain, free training, vulnerability disclosure, package analysis, security reviews and research.
The security problems with open source software are well known. Open source components are widely used in commercial software, and vulnerabilities in those components carry over into the products that embed them. At the Black Hat conference in August, open source software was identified as a critical cybersecurity risk: with a constantly changing list of open source maintainers, security can easily fall through the cracks.
According to the Linux Foundation, the OpenSSF offers a natural, neutral and cross-industry forum to accelerate the security of the open source software supply chain.
“This industry-wide commitment is in line with the White House’s call to build the foundation for our collective wellbeing in the area of cybersecurity and to pass it on to open source communities to help them develop secure software that benefits us all,” Jim Zemlin, executive director of the Linux Foundation, said in a statement. “With the tremendous growth and proliferation of open source software, our greatest job is to develop scalable cybersecurity practices and programs.”