Hello, Linux Foundation members and readers! Here are some updates from the Open Source Security Foundation (OpenSSF) in Q1 2023:
The OpenSSF Day North America agenda is now live! We will host a full day of interesting session presentations, panels, and lightning talks on May 10th during Open Source Summit North America in Vancouver, Canada. Plan to join us to discuss the latest and greatest in ongoing efforts to secure the open-source software supply chain.
At the end of March 2023, we hosted an OpenSSF Town Hall. We shared updates from the various initiatives at the OpenSSF, including Alpha-Omega, SBOM Everywhere, and diversity, equity, and inclusion (DEI) efforts around open source security. Participants had an opportunity to ask questions. Review highlights and watch the recording.
We recently welcomed eight new members from leading technology firms. The total number of OpenSSF members is currently over 100, and organization membership grew 88% in 2022 across a variety of sectors. New OpenSSF general member commitments include Amesto Fortytwo, Code Intelligence, Kusari, Privado, Scotiabank, and Technology Innovation Institute (TII). New associate members include the Open Source Business Alliance – Bundesverband für digitale Souveränität e.V. and Python Software Foundation. We are happy to see that technical communities continue demonstrating a strong commitment to investing in security now and in the future.
The first-ever CloudNativeSecurityCon North America was an important event that gathered leaders and experts from across the industry to discuss the latest trends and challenges in cloud-native security. At the event, our GM Brian Behlendorf gave a keynote talk focusing on the future of OSS and software supply chain security.
During his talk, Behlendorf highlighted the potential new security threats that could emerge from the rise of AI systems like ChatGPT. He emphasized the importance of OSS projects preparing for this new future and ensuring their code is secure and resilient against these emerging threats.
The event was hosted by the Cloud Native Computing Foundation (CNCF) in Seattle, WA. It featured an OpenSSF booth where community members had the opportunity to discuss their current initiatives and recent accomplishments. This was a great opportunity for members to network, learn from each other, and collaborate on future plans and projects.
In February, Brian discussed open source software security in Europe: first on a panel about open source software funding in Brussels, Belgium, during the Open Source Policy Summit, then in talks on open source security at FOSDEM, and finally on a panel on international security policy at the State of OpenCon in London, UK.
We also hosted inaugural community meetups in Tokyo and Hong Kong that were well attended.
We’ve been busy at the OpenSSF, and often share updates with the community on our blog. Here are a few recent posts you won’t want to miss. Check them out!
We remain committed to ensuring the open source software ecosystem is secure for all. We’d love it if you and your organization could get involved in the OpenSSF. This could range from participating in our working groups to joining our Slack or mailing list.
We look forward to working with you to help secure the entire OSS ecosystem!