Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF).
Amid discussions on the security of open source technologies like eBPF and Hadoop, OpenSSF speakers Jennifer Fernick, SVP and head of global research at NCC Group, and Christopher Robinson, Intel’s director of security communications, outlined the group’s vision to secure open source software “end to end, at massive scale.”
OpenSSF was formed a year ago by the merger of Linux Foundation, GitHub, and industry security groups. It has more than 50 members so far, from tech giants like IBM, HPE, Intel, Facebook, Google, Cisco, Microsoft, Huawei, Samsung, and VMware, to small companies, open source-based companies like Red Hat, Suse, and Canonical, and open source users like JP Morgan Chase, Comcast, and Uber.