
Uniting for better open-source security: The Open Source Security Foundation

August 4, 2020
in Internet Security

Eric S. Raymond, one of open-source’s founders, famously said, “Given enough eyeballs, all bugs are shallow,” which he called “Linus’s Law.” That’s true. It’s one of the reasons why open-source has become the way almost everyone develops software today. That said, it doesn’t go far enough. You need expert eyes hunting and fixing bugs and you need coordination to make sure you’re not duplicating work. 
 
So, it is more than past time that The Linux Foundation started the Open Source Security Foundation (OpenSSF). This cross-industry group brings together open-source leaders by building a broader security community. It combines efforts from the Core Infrastructure Initiative (CII), GitHub’s Open Source Security Coalition, and other open-source security-savvy companies such as GitHub, GitLab, Google, IBM, Microsoft, NCC Group, OWASP Foundation, Red Hat, and VMware.
 
Since open source has become vital to technology and affects all users, the open-source supply chain of contributors and dependencies must have its security verified from start to finish. The OpenSSF will start doing that by unifying two existing open-source security initiatives: the CII, which was founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition.
 
Jamie Cool, GitHub’s VP of Product Management, Security, said in a statement: 

GitHub founded the Open Source Security Coalition in 2019 to bring together industry leaders around this mission and ensure the consumption of open source software is something that all developers can do with confidence. We look forward to this next step in the evolution of the coalition, and serving as a founding member of the Open Source Security Foundation.

Microsoft, once an open-source enemy, is also throwing its resources behind the new foundation. Mark Russinovich, Microsoft Azure’s Chief Technology Officer, blogged, “As open source is now core to nearly every company’s technology strategy, securing open-source software is an essential part of securing the supply chain for every company, including our own. As with everything open source, building better security is a community-driven process.”

Russinovich also spelled out what you can expect to see from the OpenSSF:

Identifying security threats to open-source projects

Helping developers to better understand the security threats that exist in the open-source software ecosystem and how those threats impact specific open source projects.

Security tooling

Providing the best security tools for open source developers, making them universally accessible, and creating a space where members can collaborate to improve upon existing security tooling and develop new ones to suit the needs of the broader open source community.

Security best practices

Providing open-source developers with best practice recommendations, and with an easy way to learn and apply them. Additionally, we have been focused on ensuring best practices will be widely distributed to open source developers and will leverage an effective learning platform to do so.

Vulnerability disclosure

Creating an open-source software ecosystem where the time to fix a vulnerability and deploy that fix across the ecosystem is measured in minutes, not months.

Red Hat, a leading Linux and cloud company, agrees. Chris Wright, Red Hat’s CTO, said, “Now, more than ever, is the time for us to join together with other leaders to help ensure key projects are secure and consumable in our products, across enterprises, and as part of the hybrid cloud. We are excited to help found this Open Source Software Foundation.”

“We believe open source is a public good and across every industry, we have a responsibility to come together to improve and support the security of open-source software we all depend on,” concluded Jim Zemlin, The Linux Foundation’s executive director. “Ensuring open-source security is one of the most important things we can do and it requires all of us around the world to assist in the effort. The OpenSSF will provide that forum for a truly collaborative, cross-industry effort.”
 
Moving forward, the Foundation’s governance, technical community, and decision-making will be run transparently. In addition, all resulting specifications and projects will be vendor-agnostic. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open-source security for all.
 
The group will use an open governance structure model. This includes a Governing Board (GB), a Technical Advisory Council (TAC), and a separate oversight for each working group and project. OpenSSF intends to host open-source security initiatives on GitHub.
 
Credit: Zdnet
