The Open Source Security Foundation (OpenSSF), a cross-industry organisation hosted at the Linux Foundation that brings together the world’s most important software supply chain security initiatives, has announced 15 new members from leading software development, cybersecurity, financial services, communications and academic sectors.
This round of commitments is led by two new premier members, Atlassian and Sonatype, who will join the OpenSSF governing board. New general member commitments come from Arnica, Bloomberg, Comcast, Cycode, F5 Networks, Futurewei Technologies, Legit Security, Sectrend, SUSE, and Tenable.
“We are thrilled to welcome Atlassian and Sonatype, two companies who play critical roles in modern software development and security, to the OpenSSF governing board,” said Brian Behlendorf, General Manager at OpenSSF. “Open source software supply chain attacks threaten the very foundations of innovation that billions of people rely upon. Our 15 new members join a growing community of organisations, developers, researchers and security professionals that are investing time and resources required to respond in this constantly evolving threat landscape.”
Open source software has become the foundation on which our digital economy is built. As noted in the Linux Foundation’s 2022 Software Bill of Materials (SBOM) and Cybersecurity Readiness report, 98% of organisations use open source regularly. The same study revealed that 72% of organisations are very or extremely concerned about software security. Recent vulnerabilities, such as the one impacting Log4j, have caused many organisations to prioritise software supply chain security and to realise the need to stay fully abreast of the open source ecosystem, as well as to contribute to it. From governments to businesses, open source security has been brought to the top of the agenda as a priority issue, and as a result OpenSSF is seeing membership rise at a rapid pace.
The latest commitments follow a productive period for OpenSSF in which the foundation expanded its core working groups to include Securing Software Repositories. This group aims to improve cybersecurity practices where developers download open source packages most often.