Friday, August 19, 2022

OpenSSF Announces 13 New Members Dedicated to Strengthening the Security of the Open Source Software Supply Chain


SAN FRANCISCO, Aug. 17, 2022 — The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s most important software supply chain security initiatives, on Wednesday announced 13 new members from leading financial services, technology, employment, software development, cybersecurity, telecommunications, and academic sectors.

New premier member, Capital One, joins the OpenSSF Governing Board. New general member commitments come from Akamai, Indeed, Kasten by Veeam, Scantist, SHE BASH, Socket Security, Sysdig, Timesys, and ZTE Corporation. New associate members include Eclipse Foundation, Purdue University, and TODO Group. “We’re excited to welcome new members to the OpenSSF,” says Brian Behlendorf, General Manager of OpenSSF. “As open source software security vulnerabilities continue to draw attention from governments and businesses around the world, interest in the work of the OpenSSF has been rapidly increasing.”

“A growing community of organizations, developers, researchers, and security professionals are investing the time and resources needed to strengthen open source security,” said Jamie Thomas, OpenSSF Board Chair and IBM Enterprise Security Executive. “New members of OpenSSF are joining at a time when cross-industry collaboration and innovation are needed more than ever to proactively respond to pervasive cybersecurity threats.”

Resolving the systemic issues that led to major security vulnerabilities like the Log4shell incident emphasizes the urgency and importance of the work of OpenSSF. A recent Cyber Safety Review Board report declared that Log4j has become an “endemic vulnerability” that can be exploited for years to come and that the 10-point mobilization plan launched earlier this year at the Open Source Software Security Summit II by the OpenSSF will improve the resiliency and security of open source software.

OpenSSF will host a full day of sessions on Tuesday, Sept. 13, at OpenSSF Day EU on the eve of Open Source Summit Europe (OSS EU) in Dublin. Working Group leaders and community members will host sessions, panels, and fireside chats about ongoing work to secure the software supply chain and the future of open source security. Registration and attendance are free for all those attending the OSS EU.

Premier Member Quote

Capital One

“Today some of the most groundbreaking digital experiences created for customers are based on open source software. As a company that broadly adopts this technology, Capital One is extremely proud to join the OpenSSF and the world’s technology leaders as we collaborate to strengthen the software security supply chain. As a highly regulated company, we’re seasoned in managing compliance and governance and advocate for standardization, automation and collaboration. We look forward to working together to identify solutions that advance the OpenSSF mission and give back to the open source community.”

  • Chris Nims, EVP of Cloud & Productivity Engineering at Capital One

General Member Quotes

Akamai

“Enhancing the security of open source software — so central to the internet ecosystem — is one of the most important security challenges we face today. Only by gaining visibility into the network and the software supply chain can we reliably address security flaws when they occur at the code level. The technology community should support the open source communities we depend on with financial and technological resources to limit our collective risk. As a leading security and cloud services provider, we look forward to contributing to the Open Source Security Foundation and helping to advance this important work.”

  • Robert Blumofe, EVP and CTO, Akamai

Kasten by Veeam

“We’re honored to be a part of the Open Source Security Foundation (OpenSSF) and champion this initiative alongside our peers. Kasten by Veeam has an open source heritage, and with Kubernetes data protection as our core offering, security remains a critical underpinning for Kasten K10 design and implementation. As Kubernetes adoption continues to fuel Digital Transformation journeys for enterprises, more attention is rightfully being placed on security, especially with the inexorable rise of ransomware attacks. Kasten by Veeam is committed to ensuring the security and data protection of cloud native environments to better protect enterprise applications.”

  • Gaurav Rishi, Vice President of Products and Partnerships at Kasten by Veeam

Scantist

“On one hand, the software industry is benefiting significantly from the rapid growth of open source, which has become the basic building blocks of the digital world. On the other hand, open source security is becoming more critical and all these risks are multiplied by the interdependent nature of open source. Now as a member of OpenSSF, we wish to contribute to the OpenSSF missions based on our recent research on open source ecosystem analysis to provide a quantitative view to understand the complexity and security of open source. We want to become the active participant, evangelist and ambassador for OSS governance in southeast Asia to promote open source software supply chain security.”

  • Dr. Liu Yang, Professor at Nanyang Technological University, Singapore and Co-Founder of Scantist

SHE BASH

“Since our inception, SHE BASH has witnessed a variety of predatory industry practices that get shielded from extensive scrutiny through the protective veil of closed source. At our core, open source software is a public institution that allows everyone to build their future.

“The combination of many years of apathy and the incentive mechanisms that sustain a culture of ‘do not care’ has allowed our company to stand out among tech’s largest and most culpable companies. We have always considered ‘best practice first’ as one of the primary value propositions we can provide as a company, albeit a small one. Open Source Software provided us the level playing field to make differences in key technological shifts within the public sector, and the evolution of these shifts are the development of best practices born from the open source that sustains all software life today. It is a true honor to be of help to the work OpenSSF is leading to remedy massive structural errors that grew from many years of neglect.”

  • Cameron Banowsky, Co-founder and CTØ, SHE BASH

Socket Security

“As maintainers of open source packages which are installed over 1 billion times per month, the Socket team is intimately familiar with the massive growth in open source dependency usage. Modern applications use hundreds of dependencies written by hundreds of maintainers, and installing even one package leads to dozens of transitive dependencies coming along for the ride. Unfortunately, it’s far too easy for a bad actor to infiltrate the software supply chain and wreak havoc. That is why Socket is proud to join OpenSSF and do our part to make open source secure for everybody with our industry-leading approach to software composition analysis which is used by hundreds of companies to detect and prevent supply chain attacks. The Socket team is excited to work with other OpenSSF member companies to safeguard the open source ecosystem for everybody.”

  • Feross Aboukhadijeh, Founder and CEO, Socket Security

Sysdig

“Sysdig is proud to be a part of OpenSSF and work together to help guide open source security standards and secure the software supply chain. As a cloud security company built on open source, we believe the industry should come together to strengthen software for the common good. Having created and contributed Falco to the CNCF to help secure the runtime, we look forward to continuing open collaboration in the OpenSSF. The future of security is open, and what we do now will shape software forever.”

  • Edd Wilder-James, Vice President, Open Source Ecosystem at Sysdig

Timesys

“With software supply chain breaches up more than 650%, securing the software supply chain is an enormous focus. We have been working for more than 5 years developing technology to help secure, monitor, and maintain open source-based embedded Linux and Android devices from exposures and vulnerabilities. We’re so excited to be joining up in this community effort with OpenSSF and to be part of the Linux Foundation again. By sharing technology and collaborating to build ecosystems that accelerate open-source technology development, device manufacturers and consumers everywhere will be able to rest easier knowing they’re secure.”

  • Atul Bansal, CEO of Timesys

ZTE Corporation

“We’re very pleased to join the OpenSSF. As a world-leading communication equipment manufacturer, more and more open source software is used by us. While actively embracing open source software, it also brings unprecedented risks to software supply chain security. ZTE Corporation has made many efforts to control and manage risks, and regard them as our top priority. After joining the OpenSSF, ZTE Corporation works with a group of members with similar visions and goals to promote the development of open source software supply chain towards a safer direction.”

  • Xiang Shuming, Director of OSS Compliance and Security Governance, ZTE Corporation

Additional Resources

  • View the complete list of the 89 OpenSSF members
  • Watch the recent August OpenSSF Town Hall
  • Contribute efforts to one or more of the active OpenSSF working groups and initiatives

About OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at: openssf.org.

About the Linux Foundation

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
