User:Llightex/Open Source Security Foundation

The Open Source Security Foundation (OpenSSF) is a cross-industry forum for collaborative efforts to improve open-source software security. Part of the Linux Foundation, the OpenSSF works on various technical and educational initiatives to improve the security of the open-source software ecosystem.

History
The OpenSSF was formed in August 2020 as the successor to the Core Infrastructure Initiative, another Linux Foundation project. The list of founding governing board members includes GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat. Other founding members include GitLab, HackerOne, Intel, Okta, Purdue, Uber, and VMware.

In October 2021, Brian Behlendorf was announced as the OpenSSF's first full-time General Manager. In May 2023, OpenSSF announced Omkhar Arasaratnam as its new General Manager, and Behlendorf became CTO of the organization.

Working Groups and Projects
The OpenSSF houses various initiatives under its working groups, of which there are currently eight:
 * Best Practices for Open Source Developers
 * Securing Software Repositories
 * End Users
 * Security Tooling
 * Identifying Security Threats in Open Source Projects
 * Supply Chain Integrity
 * Securing Critical Projects
 * Vulnerability Disclosures

The OpenSSF also houses two projects: the code signing and verification service Sigstore and Alpha-Omega, a large-scale effort to improve software supply chain security.

Policy
After the Log4Shell vulnerability, the White House held a meeting on software security with government and private sector stakeholders on January 13, 2022. In May 2022, the OpenSSF hosted a follow-up meeting, the Open Source Software Security Summit II, where participants from industry agreed on a 10-point Open Source Software Security Mobilization Plan, which received $30 million in funding commitments.