Tech giants pledge multimillion down payment to secure open source

Dive Brief:

  • The Linux Foundation and Open Source Security Foundation (OpenSSF) announced Thursday a 10-point plan to boost open source and supply chain security, after meeting with key Biden administration officials and about 90 industry executives.
  • The group plans to spend more than $150 million over the next two years to make open source software more secure. The goal is to find and fix vulnerabilities like Log4j faster, in an effort to better protect the US from malicious cyberattacks that exploit insecure software platforms and devices.
  • A group of leading technology companies, including Amazon, Ericsson, Google, Intel, Microsoft and VMware, has already pledged more than $30 million in initial funding.

Dive Insight:

The industry gathering is a follow-up to the historic White House summit in January, convened by the National Security Council. That original meeting came in the wake of the Log4j vulnerability disclosure, an incident that put millions of devices at risk worldwide.

The security plan and funding are part of a larger effort to correct some of the perceived imbalances in the software industry that some officials say have led to open source security issues.

The open source community, largely composed of volunteers, invests time and effort into creating code that serves as the foundation for much of modern computing. Wealthy Silicon Valley companies can capitalize on open source repositories to build their products, with limited investment or support toward code creation.

The amount of funding tech companies are pledging is meaningful compared to previous investments in open source, but is a drop in the bucket “when you compare it to the cost of remediating a major vulnerability,” Brian Behlendorf, general manager of The Linux Foundation’s OpenSSF project, said during a press conference Thursday.

A number of technology companies have announced plans to enhance the security of open source partners.

Google Cloud said during the meeting it would launch an Open Source Maintenance Crew, a dedicated team of engineers working with upstream maintainers to promote the security of various open source projects, according to a blog post from the company.

Google Cloud also announced the launch of a new dataset designed to give developers and maintainers access to critical software supply chain information through the Open Source Insights project.

Open source and software executives said the summits are an essential step in helping the industry strengthen the security of the software supply chain.

“Securing the open source ecosystem starts with empowering developers and open source maintainers with tools and best practices that are instrumental to securing the software supply chain,” GitHub CSO Mike Hanley said in an emailed statement.

GitHub, the home of 83 million developers worldwide, is committed to advancing the efforts outlined at the meeting, Hanley added. GitHub has enabled two-factor authentication on GitHub.com and npm, supported financial backing for developers through the GitHub Sponsors program and offered free security training through the GitHub Security Lab.
