About OpenSSF

OSS is a digital public good and as an industry, we have an obligation to address the security concerns with the community. We envision a future where OSS is universally trusted, secure, and reliable. This collaborative vision enables individuals and organizations in a global ecosystem to confidently leverage the benefits and meaningfully contribute back to the OSS community.

The OpenSSF serves as a trusted partner to affiliated open source foundations and projects and provides valuable guidance and artifacts, like the top ten Secure Software Development Guiding Principles, to those projects and foundations that encourage security by design and security by default. OpenSSF initiatives should make security easier for open source maintainers and contributors. Consumers of OSS can leverage the output of the OpenSSF to have clear, consistent, and trusted signals to better understand the security profile of OSS content. 

The OpenSSF is committed to encouraging all interested stakeholders to participate in the foundation and its  technical initiatives (TIs). The OpenSSF is viewed as an influential advocate for mutually-beneficial external efforts and an educator of policy decision makers. 

More than just advocacy to Diversity, Equity, and Inclusion (DEI) groups, the OpenSSF remains committed to directly facilitating an environment for all perspectives, all backgrounds, and equitable opportunities for global mentorship and education. The OpenSSF remains committed to continuously evolving these efforts to bring more inclusive and diverse software security education, ensuring stakeholder share opportunities to engage in and receive value from OpenSSF TIs.

The OpenSSF strategy is a set of objectives that aim to enhance the security of OSS by developing tooling and processes that make secure development easier, promote a deeper understanding of best practices, and provide support to innovative technical initiatives. The charter is the source of truth for the OpenSSF, and this strategy builds on the charter.

Objectives focus on tooling and processes designed to ensure consistency, integrity, and risk assessment that strengthen the overall security of the OSS ecosystem. This focus supports the community to develop tooling, processes, and educational assets that accelerate OSS security technical initiatives. Accomplishing these objectives will provide maintainers and contributors of OSS (of all skill levels) the ability to proactively or reactively address both existing and emergent security threats.  

The OpenSSF strategy is outlined across five key areas:

• Education and targeted communication: Develop and promote best practices, guidelines, and educational resources to enhance open source software security awareness and expertise within the ecosystem. OpenSSF advocates with targeted personas (including maintainers, contributors, and consumers) in the OSS ecosystem to improve their default security posture and catalyzes efforts to reduce or eliminate friction in achieving that state.
• Facilitate collaboration: Foster a culture of collaboration and inclusion among OSS communities, security experts, and industry stakeholders to sustainably address open source software security challenges effectively with transparent operations and governance.
• Sustainable technical innovation and enhanced delivery: Support tooling and process enhancements to existing security capabilities. Deliver new security capabilities to open source ecosystems, such as vulnerability detection, incident response, secure coding practices, and actionable standards.
• Advocacy and policy: Advocate for policies and practices that promote OSS security, working with governments, industry bodies, and other relevant organizations.
• Community engagement: Actively engage with OSS communities through events, conferences, workshops, and online platforms to foster dialogue, collaboration, and knowledge exchange.