OpenSSF Membership Exceeds 100 with Many New Members Dedicated to Securing Open Source Software
Introduces Developing Secure Software Training Course in Japanese at OpenSSF Day Japan
YOKOHAMA, Japan, Dec. 5, 2022 /PRNewswire/ — The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s most important software supply chain security initiatives, today announced several new members from leading technology companies in sectors that span software development, cybersecurity, data science, platform as a service, semiconductors, finance, think tanks, academics, and more, bringing the total number of OpenSSF members over one hundred.
New general member commitments include those from Airbyte, Anaconda, BoostSecurity, ControlPlane, Cybozu, Docker, Endor Labs, FOSSA, HackerOne, Phylum, Qualys, Trail of Bits, VicOne, and AMD Xilinx. New associate members include FS-ISAC, OpenForum Europe, and Nanyang Technological University.
“We are delighted to welcome new members to the OpenSSF,” said Brian Behlendorf, General Manager of OpenSSF. “As attacks continue to target critical infrastructure, both industry and governments around the globe are paying attention and are proactively seeking ways to strengthen the security posture of the open source software we all depend on.”
The latest commitments follow a productive period for OpenSSF in which the foundation has announced Sigstore general availability, new investments from Alpha-Omega, new features from Scorecards, concise guides for developing more secure software and evaluating open source software from the Best Practices Working Group, an expanded set of technical initiatives with a new End Users Working Group, Software Bill of Materials (SBOM) Everywhere Special Interest Group (SIG), Secure Supply Chain Consumption Framework SIG, and much more.
Today, OpenSSF hosts OpenSSF Day Japan at the Open Source Summit Japan in Yokohama, where community members lead sessions about ongoing work to secure the software supply chain and the future of open source security. As part of this conference, OpenSSF announces that the free Developing Secure Software training course focused on the fundamentals of developing secure software is now available in Japanese.
General Member Quotes
Airbyte
“We are excited to be a part of the Open Source Security Foundation’s growing community. As a data infrastructure company that is both a user of open source software and a host of a thriving open source project, Airbyte is particularly sensitive to the data security needs that exist up and down the supply chain. We are as thrilled to be collaborating on the evolution of open source security standards as we are to support and learn from the experiences of others in the OpenSSF community.”
– Patsy Bailin, Head of Data Policy, Airbyte
Anaconda
“We are excited to be a sponsor and contributing member of this important foundation. We are committed to securing open source software and providing maintainers, users, and administrators the tools needed to secure open source. With more than 30 million users of Anaconda Distribution and our repository of packages built from source, we are highly dedicated to the growth of the open-source community and acknowledge, as do the other members of this foundation, that it will take all of us working together in the open to secure the future of open-source software.”
– Stephen Nolan, SVP of Product, Anaconda
BoostSecurity
“The software supply chain, and in particular, the open source ecosystem – finds itself today in front of a major challenge: how to secure, and regain trust, in the software that the world uses…Solving this will require lots of innovation, collaboration amongst, and resolve to keep ‘chipping away at it’ – one piece at a time. BoostSecurity believes that software supply chain security must be accessible, and consumable – by companies of all sizes and at all levels of security maturity and capabilities, and are happy to do our part in this endeavour. We are keen to work with the OpenSSF and its member organizations to make the world’s software factory more secure.”
– Zaid Al Hamami, Founder and CEO, BoostSecurity
ControlPlane
“Open source software is the engine of innovation for enterprises and governments around the world. Its proliferation brings opportunity, but increases exposure in the face of the modern threat landscape. ControlPlane is committed to advancing cross-industry collaboration through the OpenSSF to systematically reduce risk for a more secure technological future.”
– Andrés Vega, Vice President of Operations, North America, ControlPlane
Cybozu
“As a company whose vision is to create a society brimming with teamwork, we are excited to be joining OpenSSF to work together to strengthen the security of the open source software ecosystem. The challenge is not just to make our cloud service secure, but to collaborate across the industry to improve the security of the software supply chain as a whole. We look forward to working with OpenSSF members on this project and building a more secure future.”
– Takuya Yoshikawa, Cloud Services Department Manager, Cybozu
Docker
“Docker has been working on supply chain security for many years, and is excited to join OpenSSF to work more closely with the communities there. As a developer-focused company with many hundreds of thousands of users and customers, Docker recognises that security work falls to developers to implement, and they need support, help and tooling to improve the security of the world’s software that they produce and consume. Docker has been working with upstream open source communities for many years, through initiatives like Docker Official Images and Docker Verified Publishers that are used and trusted by tens of millions of developers. Joining OpenSSF is part of our commitment to broaden the work we are doing in this area, and work even more closely with the other communities and organizations involved in the critical work of securing open source software.”
– Justin Cormack, CTO, Docker
Endor Labs
“Eighty percent of the code in modern applications is code your developers did not write but rely on through open source packages. When our founding team was leading the Prisma Cloud engineering team at Palo Alto Networks, we realized the true magnitude of this issue. Our mission now is to help OSS to live up to its true potential without introducing unnecessary risk. It is exciting to once again take a new approach to the market, and we believe these solutions will radically improve software development everywhere. The OpenSSF is leading the charge on open source security. They are building a trust-based partnership with any organization that depends on open source, with the goal of making open source use scalable and secure, while helping the community thrive. These ideals align perfectly with ours, which is why we’re so excited for this partnership.”
– Varun Badhwar, CEO and Co-Founder, Endor Labs
FOSSA
“FOSSA is proud to join the 100+ other members of the OpenSSF community in our shared mission to advance open source security. We are excited to get to work with the other outstanding leaders in the foundation, and share our expertise across the software supply chain, specifically mitigating the risks associated with open source license violations and security vulnerabilities. Everything we do at FOSSA is for the love of open source, and in support of the substantial positive impact it has on innovation and equality for our users. Our support for and participation in OpenSSF is another example of that commitment.”
– Kenaz Kwa, VP of Product, FOSSA
HackerOne
“Open source software is foundational to our digital world and, just as we all benefit from open source, we must collectively contribute to its security. Log4Shell demonstrated the devastating impact of open source vulnerabilities, if not properly addressed, on organizations and their software supply chains. For too long, only a small but critical group of volunteers have helped secure open-source projects for the entire internet. We launched the Internet Bug Bounty to fund the security of open-source projects to address this challenge, and we view OpenSSF as a key teammate in building toward the same vision of a safer internet. We are proud to join OpenSSF and help project maintainers, developers, and security teams to reduce the impact of Log4Shell and vulnerabilities like it.”
– Kayla Underkoffler, Senior Security Technologist, HackerOne
Phylum
“We are excited to be a contributing member of the Linux Foundation and to support OpenSSF’s mission. At Phylum, we are doing our part to secure the universe of code by automating software supply chain security to block new risks, prioritize existing issues and allow organizations to only use open-source code that they trust.”
– Patrick Sheehan, CRO, Phylum
Trail of Bits
“Open-source software is at the very core of Trail of Bits. We make our tools open source with the aspiration that organizations can use them to address their security concerns, including those within the software supply chain. When our engineers and researchers work on a problem, it’s likely that the solution will benefit the entire community, not just a given client. We consider it of strategic importance that we make our in-house knowledge accessible, so problems can be solved at-large. To that end, we have developed tools that automatically build a dependency graph and SBOM, find numerous issues in Python, and enable code signing and verification. We plan to build on these accomplishments as a general member of OpenSSF, and look forward to collaborating with other organizations in the pursuit of making open-source software as secure as possible.”
– Dan Guido, CEO, Trail of Bits
VicOne
“Modern digital vehicles adopt more and more open source software and it’s becoming a regular target of hackers. The security concerns have been raised in regulations, such as UN R155, ISO/SAE 21434. Powered by Trend Micro’s 30+ years of experience in cybersecurity, VicOne, as an automotive cybersecurity expert, will support our OEM/Tier-1 customers to strengthen information security practices and comply with international standards and regulations, which include proactive monitoring of new cybersecurity incidents, open source vulnerability assessment, prioritization, and SBOM management.”
– Terence Wang, Director of Product Management, VicOne Inc.
AMD Xilinx
“AMD is excited to join the Open Source Security Foundation to contribute to and stay on top of the latest open source security specifications, including tooling, best practices, and other specifications. AMD is committed to driving the adoption of open source software and joining OpenSSF will be key to helping to ensure that AMD’s open source software releases are using the latest security standards accepted by the open source community. It will also provide added confidence for our customers that not only is our software open sourced, but is also secure.”
– Nathan Menhorn, Sr. Product Security Engineer, AMD
Additional Resources
- View the complete list of OpenSSF members
- Contribute efforts to one or more of the active OpenSSF working groups and projects
About OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at: openssf.org.
About the Linux Foundation
Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, PyTorch, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at: linuxfoundation.org.
Media Contact
Babel for OpenSSF
[email protected]
Source: OpenSSF