Microsoft today announced that it will create the Open Source Security Foundation (OpenSSF) along with other industry partners (GitHub, Google, IBM, JPMC, NCC Group, OWASP Foundation and Red Hat). This is a cross-industry collaborative project hosted by the Linux Foundation.
The goal of this project is to improve the security of open source software by creating a broader community, targeted initiatives, and best practices. Initial technical measures will focus on the following areas.
Security best practices.
Identify security threats for open source projects.
Ensure the safety of critical projects.
“Microsoft has been involved in several open source security initiatives for many years, and we look forward to integrating them under the umbrella of OpenSSF,” wrote Mark Russinovich, Azure’s Chief Technology Officer. You can participate in this project on GitHub at https://github.com/ossf.