
posted by janrinok on Monday May 16 2022, @11:08PM

Open source community sets out path to secure software:

The open source community has presented a 10-point plan to improve the security and resilience of its software, bringing together more than 90 executives from 37 organisations, alongside US government officials, at a summit in Washington DC.

[...] OpenSSF executive director Brian Behlendorf added: "What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it. The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action."

The 10-point plan, which can be read in full on OpenSSF's website, is as follows:

  1. To deliver baseline secure software development education and certification;
  2. To establish a public, supplier-neutral, objective-metrics-based risk assessment dashboard for 10,000 widely used open source software (OSS) components;
  3. To accelerate the adoption of digital signatures on OSS releases;
  4. To eliminate the root causes of many vulnerabilities by replacing non-memory-safe languages;
  5. To establish an OpenSSF-backed incident response team to help open source projects respond to vulnerability disclosures;
  6. To improve the ability of maintainers and experts to discover new vulnerabilities in open source projects;
  7. To establish a programme of third-party code audits and remediation for up to 200 of the most-critical OSS components;
  8. To coordinate industry-wide data sharing to improve how the community goes about determining what the most-critical OSS components actually are;
  9. To improve the adoption of software bill of materials (SBOM) tooling and training;
  10. And finally, to enhance the 10 most-critical OSS build systems, package managers and distribution systems with improved supply chain security tools and practices.

Commenting on the plan, Mike Hanley, chief security officer (CSO) at GitHub, said: "Securing the open source ecosystem starts with empowering developers and open source maintainers with tools and best practices that are instrumental to securing the software supply chain.

  • (Score: 5, Informative) by Anonymous Coward on Tuesday May 17 2022, @01:58AM (#1245523)

    Formation: 2020
    The list of founding governing board members includes GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat.[3] Other founding members include GitLab, HackerOne, Intel, Okta, Purdue, Uber, WhiteSource, and VMware.[3]

    https://en.wikipedia.org/wiki/Open_Source_Security_Foundation
