YOKOHAMA, Japan, Dec. 5, 2022 — The Open Supply Safety Basis
(OpenSSF), a cross-industry group hosted on the Linux Basis that brings collectively the world’s most essential software program provide chain safety initiatives, in the present day introduced many new members from main know-how companies in sectors that span software program improvement, cybersecurity, knowledge science, platform-as-a-service, semiconductors, finance, suppose tanks, lecturers, and extra, bringing the entire variety of OpenSSF members to over 100.
New common member commitments embody these from Airbyte, Anaconda, BoostSecurity, ControlPlane, Cybozu, Docker, Endor Labs, FOSSA, HackerOne, Phylum, Qualys, Path of Bits, VicOne, and AMD Xilinx. New affiliate members embody FS-ISAC, OpenForum Europe, and Nanyang Technological College.
“We’re delighted to welcome new members to the OpenSSF,” says Brian Behlendorf, Common Supervisor of OpenSSF. “As assaults proceed to focus on crucial infrastructure, each {industry} and governments all over the world are paying consideration and are proactively looking for methods to enhance the safety posture of the open supply software program all of us depend upon.”
The newest commitments comply with a productive interval for OpenSSF wherein the inspiration has introduced Sigstore
common availability, new investments from Alpha-Omega, new options from Scorecards, concise guides for growing safer software program and evaluating open supply software program from the Finest Practices Working Group, an expanded set of technical initiatives with a brand new Finish Customers Working Group, Software program Invoice of Supplies (SBOM) All over the place Particular Curiosity Group (SIG), Safe Provide Chain Consumption Framework SIG, and rather more.
On Dec. 5, OpenSSF hosts the OpenSSF Day Japan
on the Open Supply Summit Japan in Yokohama, the place neighborhood members lead periods about ongoing work to safe the software program provide chain and the way forward for open supply safety. As a part of this convention, OpenSSF declares that the free Creating Safe Software program
coaching course targeted on the basics of growing safe software program is now accessible in Japanese.
Common Member Quotes
Airbyte
“We’re excited to affix the Open Supply Safety Basis’s rising neighborhood. As a knowledge infrastructure firm that’s each a consumer of open supply software program and a bunch of a thriving open supply venture, Airbyte is especially delicate to the information safety wants that exist up and down the provision chain. We’re as thrilled to be collaborating on the evolution of open supply safety requirements as we’re to assist and be taught from the experiences of others within the OpenSSF community.”
- Patsy Bailin, Head of Knowledge Coverage, Airbyte
Anaconda
We’re excited to be a sponsor and contributing member of this essential basis. We’re dedicated to securing open supply software program and offering maintainers, customers, and directors the instruments wanted to safe open supply. With greater than 30 million customers of Anaconda Distribution and our repository of packages constructed from supply, we’re extremely devoted to the development of the open-source neighborhood and acknowledge, as do the opposite members of this basis, that it’s going to take all of us working collectively within the open to safe the way forward for open-source software program.
- Stephen Nolan, SVP of Product, Anaconda
BoostSecurity
“The software program provide chain, and specifically, the open supply ecosystem – finds itself in the present day in entrance an enormous problem: methods to safe, and regain belief, within the software program that the world makes use of…Fixing it will require a lot of innovation, collaboration amongst, and dedication to maintain ‘chipping away at it’ – one piece at a time. BoostSecurity believes that software program provide chain safety must be accessible, and consumable – by firms of all sizes and in any respect ranges of safety maturity and capabilities, and are proud to do our half on this endeavour. We’re wanting to work with the OpenSSF and its member firms to make the world’s software program manufacturing unit safer.”
- Zaid Al Hamami, Founder and CEO, BoostSecurity
ControlPlane
“Open supply software program is the engine of innovation for enterprises and governments throughout the globe. Its proliferation brings alternative, however will increase publicity within the face of the fashionable risk panorama. ControlPlane is dedicated to advancing cross-industry collaboration by way of the OpenSSF to systematically scale back threat for a safer technological future.”
- Andrés Vega, Vice President of Operations, North America, ControlPlane
Cybozu
“As an organization whose imaginative and prescient is to construct a society brimming with teamwork, we’re excited to be becoming a member of OpenSSF to work collectively to strengthen the safety of the open supply software program ecosystem. The problem isn’t just to make our cloud service safe, however to collaborate throughout the {industry} to enhance the safety of the software program provide chain as a complete. We stay up for working with OpenSSF members on this venture and constructing a safer future.”
- Takuya Yoshikawa, Cloud Service Division Supervisor, Cybozu
Docker
“Docker has been engaged on provide chain safety for a few years, and is happy to affix OpenSSF to work extra intently with the communities there. As a developer targeted firm with many hundreds of thousands of customers and prospects, Docker recognises that safety work falls to builders to implement, and so they need assistance, assist and tooling to enhance the safety of the world’s software program that they develop and eat. Docker has been working with upstream open supply communities for a few years, by way of initiatives like Docker Official Pictures and Docker Verified Publishers which might be used and trusted by hundreds of thousands of builders. Becoming a member of OpenSSF is a part of our dedication to broaden the work we’re doing on this area, and work much more intently with the opposite communities and corporations concerned within the important work of securing open supply software program.”
- Justin Cormack, CTO, Docker
Endor Labs
“Eighty % of the code in trendy purposes is code your builders didn’t write however depend upon by way of open supply packages. When our founding crew was main the Prisma Cloud engineering group at Palo Alto Networks, we realized the true magnitude of this problem. Our mission now could be to allow OSS to stay as much as its true potential with out introducing pointless threat. It’s thrilling to as soon as once more take a brand new strategy to the market, and we consider these options will radically improve software improvement in every single place. The OpenSSF is main the cost on open supply safety. They’re establishing a trust-based partnership with any group that depends on open supply, with the purpose of creating open supply use scalable and safe, whereas serving to the neighborhood thrive. These beliefs align completely with ours, which is why we’re so excited for this partnership.”
- Varun Badhwar, CEO and Co-Founder, Endor Labs
FOSSA
“FOSSA is proud to affix the 100+ different members of the OpenSSF neighborhood in our shared mission to advance open supply safety. We’re excited to get to work with the opposite exceptional leaders within the basis, and share our experience throughout the software program provide chain, particularly mitigating the dangers related to open supply license violations and safety vulnerabilities. Every little thing we do at FOSSA is for the love of open supply, and in assist of the huge optimistic influence it has on innovation and equality for our prospects. Our assist for and participation in OpenSSF is one other instance of that dedication.”
- Kenaz Kwa, VP of Product, FOSSA
HackerOne
“Open supply software program is foundational to our digital world and, simply as all of us profit from open supply, we should collectively contribute to its safety. Log4Shell demonstrated the devastating influence of open supply vulnerabilities, if not correctly addressed, on organizations and their software program provide chains. For too lengthy, solely a small however very important group of volunteers have helped safe open-source tasks for the whole web. We launched the Web Bug Bounty to fund the safety of open-source tasks to deal with this problem, and we view OpenSSF as a crucial teammate in constructing towards the identical imaginative and prescient of a safer web. We’re proud to affix OpenSSF and assist venture maintainers, builders, and safety groups to scale back the influence of Log4Shell and vulnerabilities prefer it.”
- Kayla Underkoffler, Senior Safety Technologist, HackerOne
Phylum
“We’re excited to be a contributing member of the Linux Basis and to assist OpenSSF’s mission. At Phylum, we’re doing our half to safe the universe of code by automating software program provide chain safety to dam new dangers, prioritize present points and permit organizations to solely use open-source code that they belief.”
- Patrick Sheehan, CRO, Phylum
Path of Bits
“Open-source software program is on the very core of Path of Bits. We make our instruments open supply with the aspiration that organizations can use them to sort out their safety challenges, together with these inside the software program provide chain. When our engineers and researchers work on an issue, it’s doubtless that the answer will profit the whole neighborhood, not only a given buyer. We take into account it of strategic significance that we make our in-house data accessible, so points may be solved at-large. To that finish, we’ve constructed instruments that mechanically construct a dependency graph and SBOM, discover numerous points in Python, and allow code signing and verification. We plan to construct on these accomplishments as a common member of OpenSSF, and stay up for collaborating with different organizations within the pursuit of creating open-source software program as safe as attainable.“
- Dan Guido, CEO, Path of Bits
VicOne
“Trendy digital automobiles undertake increasingly more open supply software program and it’s turning into an everyday goal of hackers. The safety considerations have been raised in rules, akin to UN R155, ISO/SAE 21434. Powered by Pattern Micro’s 30+ years of expertise in cybersecurity, VicOne, as an automotive cybersecurity professional, will assist our OEM/Tier-1 prospects to strengthen knowledge safety practices and adjust to worldwide requirements and rules together with proactive monitoring new cybersecurity incidents, open supply vulnerability evaluation, prioritization, and SBOM administration.”
- Terence Wang, Director of Product Administration, VicOne Inc.
AMD Xilinx
“AMD is happy to affix the Open Supply Safety Basis to contribute to and keep on high of the newest open supply safety requirements, together with tooling, greatest practices, and different requirements. AMD is dedicated to driving the adoption of open supply software program and becoming a member of OpenSSF might be crucial to serving to to make sure that AMD’s open supply software program releases are utilizing the newest safety requirements accepted by the open supply neighborhood. It should additionally present extra confidence for our prospects that not solely is our software program open sourced, however can be safe.”
- Nathan Menhorn, Sr. Product Safety Engineer, AMD
Further Assets
-
View
the entire record of OpenSSF members -
Contribute efforts
to a number of of the lively OpenSSF working teams and tasks
About OpenSSF
The Open Supply Safety Basis (OpenSSF) is a cross-industry group hosted by the Linux Basis that brings collectively the {industry}’s most essential open supply safety initiatives and the people and corporations that assist them. The OpenSSF is dedicated to collaboration and dealing each upstream and with present communities to advance open supply safety for all. For extra info, please go to us at: openssf.org.
In regards to the Linux Basis
Based in 2000, the Linux Basis and its tasks are supported by greater than 2,950 members. The Linux Basis is the world’s main dwelling for collaboration on open supply software program, {hardware}, requirements, and knowledge. Linux Basis tasks are crucial to the world’s infrastructure together with Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, PyTorch, and extra. The Linux Basis’s methodology focuses on leveraging greatest practices and addressing the wants of contributors, customers, and answer suppliers to create sustainable fashions for open collaboration. For extra info, please go to us at: linuxfoundation.org.
