Google And Microsoft Join Linux To launch The Open Source Security Foundation

SHARE:

Google, Microsoft and others join the Linux Foundation to launch the Open Source Security Foundation in order to improve the security of ope...

Google, Microsoft and others join the Linux Foundation to launch the Open Source Security Foundation in order to improve the security of open source software

google-microsoft-join-linux-openSSF

Open source software has become commonplace in all kinds of environments. Because of its development process, open source software that reaches end users has a chain of contributors and dependencies. It is important that those responsible for the security of their user or organization are able to understand and verify the security of this chain of dependencies. Therefore, the Linux Foundation has initiated the creation of the Open Source Security Foundation (OpenSSF). This is a cross-sectoral collaboration that brings together leaders to improve the security of open source software by creating a broader community with targeted initiatives and best practices.

The OpenSSF brings together the industry's leading open source security initiatives and the individuals and companies that support them. The Linux Foundation's Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab, are just some of the projects that will be brought together under the new OpenSSF. The Foundation's governance, technical community and its decisions will be transparent, and all specifications and projects developed will be vendor-independent. The OpenSSF is committed to collaborating and working both upstream and with existing communities to advance open source security for all.

The OpenSSF was created on the premise that security researchers need a mechanism to enable them to collaboratively address the methods needed to secure the open source security supply chain. It recognizes that security researchers around the world within organizations have common interests and concerns. OpenSSF facilitates sustained dialogue and project work between private entities, foundations, and universities.

 
Google, Microsoft and other companies join OpenSSF


The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, etc. Azure's CTO, Mark Russinovich, made it clear why open source security should be a community effort:

"Open source software is at the heart of almost every company's technology strategy and securing it is an essential part of securing the supply chain for everyone, including us. With the pervasiveness of open source software, attackers are exploiting vulnerabilities in a wide range of critical services and infrastructure, including utilities, medical equipment, transportation, government systems, traditional software, cloud services, hardware and IoT.

"Open source software is inherently community-oriented and as such there is no central authority responsible for quality and maintenance. Because source code can be copied and cloned, version management and dependencies are particularly complex. Open source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming project maintainers and introducing malicious software. Given the complexity and community nature of open source software, creating better security must also be a community-led process.


The initial technical initiatives of the OpenSSF will focus on:

  • Vulnerability disclosures: on the page, it is explained that the vision is an open source software ecosystem where the time to fix a vulnerability and deploy that fix in the ecosystem is measured in minutes, not months. It is about creating a unified format and API for vulnerability reporting / coordinated disclosure and promoting wide adoption.

  • Security tools: The declared mission is to provide the best security tools for open source developers and make them universally accessible. The collective would like to create a space where members can collaborate together to improve existing security tools and develop new ones to meet the needs of the wider open source community.

  • Identifying security threats to Open Source projects: This is about enabling stakeholders to have an informed confidence in the security of Open Source projects. The collective would like to identify a set of key metrics and create tools (APIs, web user interface) to communicate these metrics to stakeholders, allowing these stakeholders to better understand the security status of individual open source components.

  • Security best practices: the objective is to provide open source developers with best practice recommendations.

  • Securing critical projects: the objective is to provide audits, assurances, intervention teams, improvements and practical tactical work.


In addition, the OpenSSF will aim to help critical projects get the support they need to ensure their security:

"Whether it's dedicated help from specialized experts or simply providing money or cloud credits, we recognize that no two projects are the same and that support can take many forms. We intend to work with managers at an early stage to understand the help and support they need and then develop scalable processes to make that help available.

Among others, Google and Microsoft have announced their participation in OpenSSF with a particular focus on a number of areas, including shared schemas and metadata to better enforce security best practices; dependency management and risk assessment to map vulnerabilities to specific code versions; build verification tools, such as Tekton Chains; and the use of Develop Identity to associate changes with their authors.

For this last point, it is explained that without too much effort, an attacker could insert malicious code into a popular open source library and carry out an attack. An attacker could do this by looking for a highly imported package that is at the bottom of the stack but can still affect communication, perhaps even have root access, and is little [said package] or even unmonitored.

This type of attack has been done before. For example, hackers have introduced a backdoor into a widely used open source library in order to surreptitiously steal funds stored in bitcoin wallets. The malicious code was inserted in two steps into event-stream, a library that had over two million downloads in 2018 and was used by both Fortune 500 companies and startups.

According to the GitHub discussion that exposed the backdoor, the event-stream developer no longer had time to provide updates. So, several months before this discovery, he accepted help from an unknown developer. The new developer took care to hide the backdoor. In addition to implementing it gradually, he also targeted only the Copay wallet application. The malicious code was also difficult to detect because the flatmap-stream module was encrypted.

The objectives here are therefore to :


  • Give open source maintainers a way to work under the name of their choice, representing their true employers in a secure way.
  • Give open source projects the tools and infrastructure to verify the identity of their maintainers.
  • Give consumers of open source libraries more data to determine the risks of relying on the library.
  • Give consumers and maintainers a public registry of those who have implemented changes to an open source software project.
  • Respect the privacy of all those involved.
  • Give OSS maintainers a better ability to ensure compliance with project governance policies (such as independent approval).
  • Provide OSS consumers with tools to detect spikes in activity from unknown committers.






COMMENTS

Name

100w charger,1,1080i vs 1080p,1,120 watt,1,365 dni,1,3GPP,1,4K drone,2,4K HDR,7,4K Ultra HD TVs,2,5G,5,64-bit,1,8K UltraHD,2,account privacy,5,acquesition,1,add an iptv m3u file to kodi,1,add contact to whatsapp,1,adevinta,1,ads,1,adventures,1,advertising,4,Aesthetics,1,AI,2,airdrop,3,Airpeak,1,alexa,2,alexa for apps,1,Alibaba,1,all tv channels online,1,Alta Mar,1,alternatives to google translate,1,alternatives to Netflix,1,amazon,14,amazon marketplace,1,amazon prime video,8,amazon series,2,american series,2,amzon movies,2,and download movies,1,android,49,android apps,19,Android Apps to Watch and Download Movies for Free,1,Android Auto,3,android gps,1,android studio,1,android system,1,android tv,2,Android TV Data Saver,1,android update,2,android11,7,Anime series,1,antitrust,1,antivirus,2,app store,15,app to watch movies for free,1,app to watch series free,1,AppGallery,1,apple,41,Apple CarPlay,1,Apple Music,1,apple one,1,Apple Pay,1,Apple TV+,1,apple watch,2,apple WWDC,1,applications,1,arm,1,artificial intelligence,4,Assambly Bill 5,1,Assassin's Creed Valhalla,2,Atlanta's Missing And Murdered,1,atlas iptv,1,Audi,2,audio profile,1,Australia,1,authentification,1,auto-delete google web,1,autonomous driving,3,autonomous driving levels,1,autopilot,3,awards,1,Away,1,AWS,2,aws honeycode,1,Azur Cloud Service,2,back uo gmail,1,back up google account,1,back up power,1,ban,3,battery,2,battery autonomy,1,Bayern Munich,1,best android applications to learn english,1,best google maps alternatives,1,best iptv player,1,best movies,1,best series,2,best sites to strea,1,beta,5,beta-testing program,1,bethesda,1,Bill Gtaes,2,Biohackers,1,Bitcoin,1,Black Lives Matte,1,Black Panther,2,Black Widow,1,Blazer,1,blender,1,blockchain,1,blog,1,Bluetooth,1,BMW,2,BMW aytopilot,1,BMW Maps,1,BMW softwre,1,Bolt EVChevrolet,1,boring company,1,Boris Johnson,1,box-office,1,boycott,2,brasil,1,broadband internet,4,bug bounty program,1,bugs,1,BYD,1,ByteDance,9,cables,2,California,2,campaign,1,Canonical,1,car company,1,cardsharing,1,casa de papel,1,cat 5e,1,cat 6,1,CBS,1,cccam protocol,1,cccam server,1,cellular network,1,certified hdmi,1,Chadwick Boseman,2,champions league,1,change your Facebook name,1,charger,3,cherlize theron,1,Cheverolet,1,Chevrolet,1,China,14,chip,2,Chris evans,1,christopher nolan,1,chrome,10,chrome 84,1,chrome 85,1,chrome os,2,chrome update,1,Chrome86,1,chromebook,2,Chromecast,1,ChromeOS,1,Chrysler,1,cinema,9,climate change,1,clipboard,1,cloud,1,Cloud computing service,1,cloud hosting,1,cloud storage,1,cobra kai,2,code activation valid,1,code gratis xtream,1,code iptv,1,colon cancer,1,commission,4,compact car,1,competition,1,configure perfect player,1,Configure Simple player iptv,1,congress,2,connected bracelet,1,connected tv,1,conspiracy,2,conversion,1,conversion therapies,1,copy paste,1,copyright,2,coronavirus,1,couple,1,COVID-19,4,covid19-,1,Cpu,1,create apps free,1,create apps without coding,1,Crunchyroll,1,CryptoCurrency,1,Cupra el-Born,1,cyber-attack,8,Cyberpunk,1,cyberpunk 2077,1,cybersecurity,18,daillymotion,1,Dark ages,1,dark mode,2,data center,2,data collection,9,data leakage,1,data protection,8,dating apps,3,deactivate facebook account,1,deepfakes,1,defender application guard,1,delete facebook account,1,delete gmail,1,delete google history,1,delete google services,1,delete locatiob history,1,delete search history,1,deleted data android,1,deleted photos android,1,developers,1,development,1,digitalization,1,disapearing messages,1,disinformation,1,diskdigger,1,Disney,1,Disney+,3,display mode,1,DJI Mini-2,1,dlna,1,DNS,1,DNS-over-HTTPS,1,Docker,1,documentary series,2,DoH,1,Dolby Vision,1,donation,1,download data from facebook,1,download iptv player,1,download movies free English,1,download movies free online,1,downloads,1,DriveOne,1,Dualshock 5,1,dumpster,1,dunkirk,1,duo,1,e password,1,e-beetle,1,e-commerce,1,e-kafer,1,E-Ray,1,e-tron S,1,e-tron S Sportback,1,e-waste,1,earthquake,2,ebay,1,EC,1,ECJ,1,ECL Final,1,ecommerce,1,Eddie the Eagle,1,edge,1,education,1,electirc cars,4,electric car battery,6,electric cars,38,electric cars range,2,electric compact car,2,Electric Corvette,1,electric pickups,1,electric SUV,2,Electric trucks,2,elon musk,24,Endomondo,1,energy,1,energy-intensive,1,Enola Holms,1,Epic Games,5,Ericsson,1,eSport,1,ethernet cables,1,exclusion,1,extension,1,F1,1,face to face,1,facebook,32,facebook dark mode,1,Faceplates,1,facial recognition,1,fair competition,1,fake news,7,fakespy,1,falcon iptv pro code,1,falcon9,2,fallout series,1,false advertising,1,Fashion,1,fast charge,2,fast share,1,fast sharing,1,FCC,1,Fearless,1,fellowship,1,Fiat,1,file sharing,4,file transfer,4,filmmkaer mode,1,fin my device,1,firefox,5,Firefox Send,1,firefox update,1,Fisker Ocean electric SUV,1,Fitness,2,Fitness Apps,2,flying taxis,1,ford,1,fordzilla,1,forecastapp,1,Fortnite,6,FortniteFree,2,Foundation,1,France,1,free apps gps,1,free cccam,1,free file server m3u,1,free gps android,1,free gps application,1,Free GPS on Android,1,free iptv,1,free iptv bein sport,1,free iptv code,1,free iptv daily,1,Free Iptv Extream Codes Active,1,free movie download sites without signing up,1,free movies,6,free series,3,free streaming apk,3,free tv streaming online,1,free xtream iptv,1,FSD,1,Fuchsia,1,fully autonomous vehicle,2,fundraise,1,fundraising,2,G suite,1,GAFA,2,game apps,1,gaming,22,GeForce RTX 3000,1,General Motors,1,geolocation,1,German Federal Cartel Office,1,Germany,1,get free code,1,GitHub,1,gmail,4,google,59,google accessibility,1,google action block,1,google airdrop,1,google apps,11,google assistant,1,google camera,2,google chat,2,google chrome,8,google developers,1,google docs,2,google docs voice typing,1,google drive,2,google duo,1,Google HDMI Dongle,1,google maps,4,google meet,3,Google Messages,1,google news,1,google phone,1,google phone app,1,google photos,1,google photos memories,1,google pps,1,Google rate,1,google rooms,1,google services,1,google stadia,3,google translate,1,googlr pixel,1,googpe chrome apps,1,gps apps,2,green energy,3,green it,1,gse smart iptv apk cracked,1,gse smart iptv application,1,gse smart iptv chromecast,1,gse smart iptv pro,1,gse smart iptv pro mac download,1,gse smart iptv windows,1,H.266 / VVC,1,Halo,1,Hannibal,1,HarmonyOS,2,Harry Styles,1,hashtag,1,hate speech,1,HBO,5,hd iptv activation code free,1,hdc,1,hdmi,4,hdmi cable,1,HDMI certification,1,HDR,2,HDR Pro,1,HDR10,1,HDR10+,1,hearing,1,HEVC Codec,1,HiCar system,1,hide a person from google photos,1,hide hashtag on twitter,1,high speed HDMI,1,high speed internet,2,high-defionition,1,high-tech,1,Hilary Swank,1,HoarmonyOS,1,homework,1,honeucode,1,horsepower,1,hosting services,1,how to,23,how to delete data from android,1,how to delete google account,1,HTTP/3,1,Huawei,17,Humanoid,1,hybrid cars,1,Hybrid Log Gamma (HLG),1,hydrogen fuel cells,1,iCloud,1,iDrive,1,Incognito mode,1,indexing,1,india,4,Infinite Bad Guy,1,instagram,12,instagram stories,2,instagram tips,1,install iptv on iptv smarters pro,1,install iptv on OttPlayer,1,install iptv on perfect player,1,instant chat,1,Intel Rocket Lake,1,internet,2,Internet explorer,1,internet law,1,internet protocole,1,investement,2,investigation,4,ios,11,iOS14,5,iPad,2,iPhone,8,iPhone11,1,ipodos,1,iptv app,1,iptv apps,8,iptv codes,1,iptv codes code iptv,1,iptv generator,1,iptv links free 2020,1,Iptv M3u Playlists Free January 2020,1,iptv player,1,iptv player android,2,IPTV Player Applications for Android,1,iptv player m3u,1,iptv player online,1,iptv playlist,1,iptv smarters apk,1,iptv smarters code,1,iptv smarters download,1,iptv smarters firestick,1,IPTV Smarters Pro,1,iptv xtream gratis,1,iptv6.premium-stv,1,iptvfree,1,iptvsmarttv,1,jaime lorente,1,jeff bezos,1,Joe Biden,1,K5,1,karaoke,1,karate kid,2,kim kardashian,1,Kirin,1,Kirin 710,1,Kirin 710A,1,Kirin 710FHuawei,1,Kirin processor,1,kit,1,kodi,2,kotlin,1,kuiper project,1,la casa de papel,1,La Venonno,1,Laptop,2,las vegas,1,latest,4,lawsuit,1,legal action,1,LG,2,LGBTA,1,LGPD,1,LIDAR,1,lili rienhart,1,linkedin,1,Linux,4,lista iptv gratis,1,live transcribe and sound amplifier,1,live tv,1,live tv channels free online,1,location history,1,lockdown,1,logo,1,lost phone,1,Lovecraft Country,1,Lucid Air,1,lucifer,1,Lyft,1,m3u file player android,1,m3u player free,1,m3u player windows 10,1,m3u playlist url france,1,m3u smarters pro,1,M5-sedan,1,Mac,3,MAC addresse,1,Mac apps,1,MacBook,1,machine learning,1,MacOS,1,MacOS Big Sur,1,malicious apps,2,malware,5,manage activity,1,marletplace,1,math problems,1,mediastar iptv,1,messaging app,3,Messenger,1,micopsoft store,1,micro-hybrids,1,microsoft,45,Microsoft Flight Simulator,1,microsoft surface duo,5,microsoft teams,4,Minecraft,1,Miracle Workers,1,misinformation,5,mobile apps,3,modely price,1,monitization,1,monopoly,6,Moto G 5G Plus,1,motorola,1,movie catalogue,1,movie streaming apps for android,1,movies,10,mozilla,1,multitasking,1,music,2,mute words,1,myiptv player windows 7,1,NASA,1,natick project,1,nearby share,2,nearby sharing,1,neo-nazi,1,Netflix,47,netflix catalogue,1,netflix free trial,1,netflix money-back,1,netflix movies,7,netflix news,1,netflix party,2,netflix sequels,1,netflix series,17,News,247,news feed,1,Nokia,3,notification,1,Nvidia,1,OCS,1,office,1,OLED,6,on line tv,76,One-UI 3.0,1,OnePlus tv,2,OnePlus TV U1,1,OnePlus TV Y1,1,OneWeb,1,online education,1,Online forms,1,Online payement,1,online store,1,Online Tv,3,online tv live,1,Open source,1,OpenSSF,1,Operating system,2,optimization,1,Oracle,1,orbitiptv,1,OS,9,ottplayer apk,1,ottplayer code,1,ottplayer listas,1,panasonic,2,pandemic,3,password,1,PayPal,1,people cards identity cards,1,personal data,17,phone,1,Photography,1,pinned comments,1,pishing emails,2,pixel,1,play store,5,playlist ottplayer,1,playstation,2,PlayStation 5,6,PlayStation 5 Controller,1,PlayStation Controller,1,Playstation Logo,1,plug-in hubrids,1,Pokémon GO,1,premium hdmi,1,price manipulation,1,prime video,2,prime video subscription,1,privacy,8,private network,1,processor,3,production,1,products,2,profile verification,1,programming language,1,Project Power,1,ps5,2,PSA,1,PSG,1,Q4 Sportback e-tron,1,QLED,5,QR Code,1,Qualcomm,2,Quibi,1,quick charge,2,ransomware,2,RCS,1,realme,2,realme smart tv,1,realme tv,1,recover data android,1,recover files,1,recover photos android,1,recycling,1,red iptv code,1,Redmi,2,Redmi Note 9 5G,1,Redmi Watch,1,reels,3,release16,1,renewable energy,1,replace google maps,1,Resident Evil Village,1,retreive photos android,1,reverdale,1,Rising Tides,1,rivian,1,robinhood,1,Robot,1,Rooms,1,Russia,1,Ryan Gosling,1,Ryzen,1,sabrina,1,safari,2,Salesforce,1,samsung,4,satellite internet,7,save battery life,2,scary movies,1,screen definition,3,screen resolution,3,screen size,2,seabubbles,1,Search Engine,3,search history,1,search video,1,seat,1,Secure DNS,1,Security,4,self-driving,6,sensor,1,SEO,2,series,6,ShakeAlert,1,shopify,1,short videos,1,shorts,1,Shuffle Play,1,sidelinking,1,silicon valley,1,simple iptv player for windows 10,1,siri,1,Slack,1,smart tv,8,Smart Watch,1,smartphone,7,smartphones,23,smash,1,SMIC,1,SMS,1,snapchat,1,SoC,1,soccer,1,social media,87,softaware,2,softawre update,8,software,4,software updates,7,Sony,6,Sony PlayStation 5,1,space industry,1,space network,1,SpaceX,8,Spanish series,1,speed up internet,1,speedtest,3,Sport,1,spotify,4,SSD,1,SSL,1,Starlink,6,Starlink router,2,start-up,3,startups,1,Starzplay,1,steam,2,Stellanis,1,stock market,2,stolen phone,1,storage,2,storage service,1,stranger things season 4,1,stranger things season 5,1,stream music,3,streaming,74,streaming apps,3,streaming apps download,1,streaming platforms,3,Stremio,1,subscription,8,sundar pichai,1,superheroes,1,superpower,1,Surface Laptop 4,1,surface neo,2,Surface Pro 8,1,technology,1,telecharger fichier m3u iptv,1,telecom,1,Telefoot,1,telework,1,teleworking,2,Tendances,2,tenet,1,tesla,25,tesla million mile battery,1,tesla model 3,2,tesla model S,1,tesla model x,1,tesla model y,1,Tesla Semi Electric Truck,1,tesla superchargers,1,The Best IPTV Players for Windows PCs,1,The last of us,1,the old guard,1,The sleepover,1,the umbrella academy,1,the witcher,6,third-party camera apps,1,tiktok,31,tiktok stars,1,tim cook,1,tinder,3,TLS,1,TomTom Go,1,toyota,1,tracking permissions,1,trade war,7,trademark,1,trading,1,trailer,2,translation,1,translation tools,1,transparency,2,traveling,1,Triller,1,Trump,23,tunnel,1,TV,24,tv show,2,twisted pairs,1,twitch,2,twitter,9,twitter privacy,2,two factor authentification,1,Uber,1,Ubisoft,1,UK,2,Ultra HD Premium,1,umbrella academy,1,Under armour,1,United States,1,unreal engine,1,UPnP,1,US Elections,1,USA,4,user data,1,user profile,1,verified calls,1,video calls,3,video chat,2,video coding,1,video meetings,2,video sharing,1,vikings,1,viral videos,1,virus,2,Vivaldi 3.4,1,voice assistant,1,voicetyping,1,volkswagen,3,volkswagen ID.3,1,Volvo,1,vpn,1,wall street journal,1,walmart,2,Warnet Tv,1,Warrior Nun,1,watch and download movies,2,watch free live channels,1,watch free tv online gratuit,1,watch movies offline,1,watch tv online live streaming,1,watchOS,1,web browser,10,wechat,4,westworld,1,WeTransfer,1,what is cccam,1,whatch party,1,whatsapp,10,whatsapp account,1,whatsapp animated stickers,1,whatsapp beta,3,whatsapp cash transfer,1,whatsapp money transfer,1,white supremacists,1,Win32 App,1,windows,7,windows 10,16,windows 10 start menu,2,windows 10 updates,1,windows 10X,2,windows defender,2,windows file recovery,1,windows10,2,wireless chargers,1,wireless connection,1,Wonder Woman 1984,1,World Of Warcraft,1,wrap charge,2,wsl,1,WSL 1,1,WSL 2,1,Xbox,6,xbox series s,1,xCloud,3,Xiaomi,5,Xiaomi Mi TV Master Series,1,xtream codes download,1,xtream codes forum,1,xtream codes iptv apk,1,xtream codes iptv login,1,xtream codes smarters pro,1,xtream iptv gratuit,1,xtream iptv player apk,1,xtream server,1,xtream tv app,2,xtream userna,1,xtream-codes-free,4,Young Sheldon,1,your phone apps,2,youtube,10,youtube history,1,youtube originals,1,Zuckerberg,2,برنامج windows iptv player,1,كود تجريبي iptv,1,
ltr
item
Simturax Tech Blog: Google And Microsoft Join Linux To launch The Open Source Security Foundation
Google And Microsoft Join Linux To launch The Open Source Security Foundation
https://1.bp.blogspot.com/-8rL3KZjOKKs/XzqNt8SJcCI/AAAAAAAABb8/xi-9fgYVsWgV9UTZPqZzRUNOY7v_MNqzgCLcBGAsYHQ/s640/OpenSSF.png
https://1.bp.blogspot.com/-8rL3KZjOKKs/XzqNt8SJcCI/AAAAAAAABb8/xi-9fgYVsWgV9UTZPqZzRUNOY7v_MNqzgCLcBGAsYHQ/s72-c/OpenSSF.png
Simturax Tech Blog
https://www.simturax.com/2020/08/google-and-microsoft-join-linux-to.html
https://www.simturax.com/
https://www.simturax.com/
https://www.simturax.com/2020/08/google-and-microsoft-join-linux-to.html
true
1117466819383033966
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content