Open Source Security Foundation

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative improvement of open-source software security.^[3][4] Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.^[5]

The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project.^[6][7]

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time general manager.^[8] In May 2023, OpenSSF announced Omkhar Arasaratnam as its new general manager, and Behlendorf became CTO of the organization.^[9]

The OpenSSF houses various initiatives under its 10 current working groups.^[10][11] The OpenSSF also houses two projects: the code signing and verification service Sigstore^[12] and Alpha-Omega, a large-scale effort to improve software supply chain security.^[13]

The White House held a meeting on software security with government and private sector stakeholders on January 13, 2022.^[14] In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.^[15][16] In August 2023, the OpenSSF served as an advisor for DARPA's AI Cyber Challenge (AIxCC), a competition around innovation around AI and cybersecurity.^[17] In September 2023, the OpenSSF hosted the Secure Open Source Software Summit with the White House, where government agencies and companies discussed security challenges and initiatives around open source software.^[18]

Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').

• Computer security
• Open Security Foundation

• Official website
• OpenSSF on GitHub