In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the…
Read More
Growing Member Base and Launch of SOSS Community Day India Continue to Advance Open Source Software Security
Delhi, India – December 10, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation, helps individuals and organizations build secure software by providing guidance, tools, and best practices applicable to all software development. Today, the OpenSSF announced new members from the automotive and insurance technology industries at the first-of-its-kind Secure Open Source Software (SOSS) Community Day India. SOSS Community Day India brings together community members from across the security and open source ecosystem to share ideas and advance solutions for sustainably securing the software we all depend on, building a foundation for a more secure and innovative future.
New general member commitments come from Honda Motor Co., Ltd. and Guidewire Software, Inc. With support from these new organizations, the OpenSSF heads into the last month of 2024 with 126 members that together recognize the importance of backing, maintaining, and promoting secure open source software.
“We are excited to welcome our newest members and celebrate this milestone with the launch of the first SOSS Community Day in India,” said Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair. “India has an incredible open source ecosystem, and this event provides an opportunity to foster collaboration, address shared challenges, and ensure the security of the open source software powering the digital world. Together, we’re building a more secure and innovative future.”
SOSS Community Day India features a packed agenda with sessions led by top experts on topics like education, innovation, tooling, vulnerabilities, and threats. The event not only highlights the OpenSSF community’s ongoing work, but also provides an avenue to expand its reach through new partnerships and memberships, welcoming inquiries from potential collaborators. Participants will see how the OpenSSF community is driving improvements in open source software security and advancing its mission to create a more secure ecosystem for everyone.
General Member Quotes
Honda Motor Co., Ltd.
“Honda is pleased to be able to participate in the OpenSSF project as OSS security becomes increasingly important. In addition to contributing to the OpenSSF community, we look forward to working to strengthen OSS security across the industry in the future.” Yuichi Kusakabe, Chief Architect – IVI software PF/OSPO Tech Lead, Honda Motor Co., Ltd.
Guidewire Software, Inc.
“We’re excited to become a member of OpenSSF,” said Anoop Gopalakrishnan, vice president, Engineering, Guidewire. “This partnership reflects our continued commitment to advancing open source security and collaborating with like-minded innovators to create a more secure and resilient software ecosystem.”
Additional Resources
- View the complete list of OpenSSF members.
- Explore the SOSS Community Day India program schedule to see the lineup of sessions and speakers.
- To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us here.
###
About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.
Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com
We’re excited to announce the release of the OpenSSF 2024 Annual Report, highlighting a year of significant progress, collaboration, and impact within the open source software (OSS) ecosystem. From new…
Read More
SAN FRANCISCO, Dec. 4, 2024 -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the release of "Census III of Free and Open Source Software – Application…
Read More
Open Source Security Foundation (OpenSSF), with its focus on securing open source software, plays a pivotal role in establishing best practices for developing secure AI systems. In 2024, the OpenSSF AI/ML…
Read More
With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) enters into force (EIF) on December 10, 2024. The CRA will…
Read More
The Open Source Security Foundation (OpenSSF) logo presents a compelling visual narrative featuring “Honk”, an armored goose holding a shield. This unique and creative mascot perfectly embodies the foundation's mission…
Read More
With the development of new artificial intelligence (AI) models and capabilities, attention has been drawn to their potential harms and misuse: from generating deepfakes and disinformation, algorithmic bias, or being…
Read More
OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database…
Read More
Growing Member Base and New Initiatives Continue to Advance Open Source Software Security
TOKYO, JAPAN – October 30, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, security, and research firms. The OpenSSF is also thrilled to host Secure Open Source Software (SOSS) Community Day at Open Source Summit Japan 2024, bringing together community members, maintainers, and contributors from across the globe.
New general member commitments from Arm, embraceable AI and Fujitsu along with new associate member commitments from Ruby Central and Trifecta Tech further strengthen the support for open source software security. With backing from these new organizations, the OpenSSF heads into the final quarter of 2024 with a robust member base dedicated to promoting a strong, vibrant, and secure open source software ecosystem.
“The addition of our newest members to the OpenSSF highlights the growing global commitment to strengthening open source software security,” said Arun Gupta, Vice President and General Manager, Developer Programs at Intel and OpenSSF Governing Board Chair. “By joining forces, we can address security challenges, foster innovative solutions, and build a safer digital future for everyone. With the support of these new members, we are further enabled to drive forward our shared mission.”
To celebrate its growing community, the OpenSSF is hosting SOSS Community Day Japan at Open Source Summit Japan 2024. SOSS Community Day Japan is an opportunity for community members from across the open source security ecosystem to come together and share ideas. With an agenda packed with sessions led by industry experts, the event will cover critical topics like education, innovation, tooling, vulnerabilities, and threats, showcasing the ongoing efforts of the OpenSSF community to enhance open source software security.
General Member Quotes
Arm
“At Arm, we recognize that collaboration is key to advancing the security of the global software ecosystem. By joining OpenSSF, we look forward to contributing to its mission of raising the bar on open source software security and underscoring our dedication to fostering standardization across the industry to give developers the confidence and tools they need to innovate.”
— Andrew Wafaa, Senior Director and Fellow, Software Communities, Arm
embraceable AI
“Security in the realm of AI is not just a feature; it’s the foundation of trust. As we empower enterprises with intelligent services, we prioritize safeguarding data and ensuring privacy, so our clients can innovate fearlessly.”
— Dr.-Ing. Christian Gilcher, General Manager, embraceable AI
Fujitsu
“Fujitsu is proud to have achieved conformance with OpenChain ISO/IEC 18974, demonstrating our commitment to open source compliance and excellence. Our next step is to join the OpenSSF. We take our dedication a step further to enhance the security and trustworthiness of the global software supply chain. Open source software is a key driver of innovation, and we look forward to collaborating with the OpenSSF community to ensure the resilience and transparency of the technologies shaping our future.”
— Teppei Asaba, Senior Director, Mission Critical System Business Unit, Fujitsu Limited
Associate Member Quotes
Ruby Central
“Joining OpenSSF aligns perfectly with Ruby Central’s commitment to advancing the security of open source ecosystems. By collaborating with OpenSSF and its community of forward-thinking organizations, we’re excited to bring our expertise from the Ruby ecosystem and work together on solutions that enhance the security and sustainability of open source software for all developers.”
— Marty Haught, Interim Open Source Lead, Ruby Central
Trifecta Tech
“We are excited to join the OpenSSF as an associate member as we continue to actively contribute to the security of the open source software we all rely on. Trifecta Tech Foundation is a non-profit working on safer software for the underlying infrastructure of the Internet and vital systems for water, energy, and communication. We develop and maintain open source software and contribute to open standards for these essential systems. Our projects include memory-safe alternatives to critical pieces of software like sudo, the Network Time Protocol, and zlib.”
— Erik Jonkers, Chair, Trifecta Tech Foundation
New Initiatives
In addition to welcoming new members, OpenSSF is excited to announce several new initiatives aimed at bolstering open source software security.
Minder: contributed by Stacklok, is now a sandbox project within OpenSSF. Minder simplifies the integration and use of powerful security tools like OSV, OpenSSF Scorecard, and Sigstore, allowing developers and security teams to establish policies on code repositories and dependencies, reducing risk before and after code is merged.
bomctl: A format-agnostic Software Bill of Materials (SBOM) tooling project introduced in September 2024, aimed at enhancing SBOM generation and management across various formats.
Zarf: created by Defense Unicorns, launched in July 2024, Zarf is a free, open source tool enabling continuous software delivery on systems disconnected from the internet, facilitating secure software distribution in air-gapped environments.
These new initiatives demonstrate the OpenSSF’s continued dedication to fostering innovation and providing tools to enhance open source software security across diverse use cases.
Additional Resources
- View the complete list of OpenSSF members.
- To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us.
###
About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit openssf.org.
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page. Linux is a registered trademark of Linus Torvalds.
Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com