The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it has raised $10 million in new investments to expand and support the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together multiple open source software initiatives under one umbrella to identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices and vulnerability disclosure practices. Open source luminary Brian Behlendorf will serve the OpenSSF community as General Manager.
Financial commitments from Premier members include Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk and VMware. Additional commitments come from General members Aiven, Anchore, Apiiro, AuriStor, Codethink, Cybertrust Japan, Deepfence, Devgistics, DTCC, GitLab, Goldman Sachs, JFrog, Nutanix, StackHawk, Tencent, TideLift and Wind River.
“This pan-industry commitment is answering the call from the White House to raise the baseline for our collective cybersecurity wellbeing, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” said Jim Zemlin, executive director at the Linux Foundation. “We’re pleased to have Brian Behlendorf’s leadership and extensive expertise on building and sustaining large communities and technical projects applied to this work. With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”
According to industry reports (“2021 State of the Software Supply Chain,” by Sonatype), software supply chain attacks have increased 650 percent and are having a severe impact on business operations. In the wake of increasing security breaches, ransomware attacks and other cybercrimes tied to open source software, government leaders around the world are calling for private and public collaboration. Because open source software makes up at least 70 percent of all software (“2020 Open Source Security and Risk Analysis Report” by Synopsys), the OpenSSF offers the natural, neutral and pan-industry forum to accelerate the security of the software supply chain.
“There has never been a more exciting time to work in the open source community, and software supply chain security has never needed more of our attention,” said Brian Behlendorf, general manager, Open Source Security Foundation. “There is no single silver bullet for securing software supply chains. Research, training, best practices, tooling and collaboration require the collective power of thousands of critical minds across our community. Funding for OpenSSF gives us the forum and resources to do this work.”
