OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security
The Linux Foundation | 07 March 2023
Hosts OpenSSF Day North America in Vancouver in May
SAN FRANCISCO, March 7, 2023 – The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s most important software supply chain security initiatives, welcomes eight new members from leading technology firms. New OpenSSF general member commitments include those from Amesto Fortytwo, Code Intelligence, Kusari, Privado, Scotiabank, Technology Innovation Institute (TII). New associate members include the Open Source Business Alliance - Bundesverband für digitale Souveränität e.V. and Python Software Foundation.
The total number of OpenSSF members is currently over 100 and organization membership saw an 88% growth in 2022 from a variety of different sectors. This growth comes at this critical time when governments are looking at how code is secured and considering related legislation, such as the EU Cyber Resilience Act. The OpenSSF recently submitted commentary outlining the impact of the CRA on open source communities and future software development.
“We are excited to welcome new members to the OpenSSF,” said Brian Behlendorf, General Manager of OpenSSF. “As we work to secure the open source ecosystem, it is more important than ever that our membership represents all stakeholders in the open source community, from companies to research associations to open source foundations. Furthermore, investing in security remains of the utmost importance even during times of economic uncertainty. Threat surfaces continue to evolve and attackers continue to exploit vulnerabilities. We are happy to see that technical communities continue to demonstrate a strong commitment to investing in security now and for the future.”
The latest commitments follow a period for OpenSSF that has seen major new initiatives and milestones, such as updates from various initiatives and working groups described in the OpenSSF’s first annual report, new funding pledges and investments for Alpha-Omega, participating in various open source security conferences in Europe, and the first Open Source Security Meetups in Tokyo and Hong Kong.
On Wednesday, May 10, 2023, OpenSSF will host OpenSSF Day North America at the Open Source Summit North America in Vancouver. OpenSSF Day is an opportunity to learn more about ongoing efforts to secure the open source software ecosystem. Those interested in giving talks during OpenSSF Day can also submit to the call for proposals by March 17th.
The next OpenSSF Town Hall will be held on Thursday, March 16th at 10 AM PT, designed to give open source software (OSS) maintainers, contributors, software developers, and users who know security is important, but haven’t made the leap to join an OpenSSF Working Group or Project yet. Attendees will take an in-depth tour of several key initiatives and find out how to get involved.
General Member Quotes
Amesto Fortytwo is both an end-user of OSS, which we use to create our services and products, but also a contributor to various projects. As a company focusing on security and platform services, making sure that the ecosystem thrives is of utmost importance to us. Our employees already dedicate time to help the community out, and we are proud to now also be a member of OpenSSF.
Roberth Strand, Principal Cloud Engineer, Amesto Fortytwo
Today, our society and the global economy heavily rely on open-source software. Security incidents such as Heartbleed and Log4Shell show significant weaknesses in the software supply chain. At Code Intelligence, we took on the mission of providing effective testing that developers enjoy using in their regular workflows to find, understand, and fix vulnerabilities. We open-sourced significant parts of our technology, making it available to everyone, which helped find many critical vulnerabilities in open-source software.
We are thrilled to join OpenSSF to share our knowledge, experience, and learnings with the community and collaborate on accelerating the advances of open-source security."
Khaled Yakdan, Co-founder and Chief Scientist, Code Intelligence
Kusari is proud to join the OpenSSF and be counted among so many great partners in the mission to help secure open source software and provide open source security tools and frameworks. With the majority of software utilizing OSS in some capacity and the ever increasing complexity of projects' dependency graphs OSS security grows more important. Kusari is committed to making supply chain security simple for everyone from developer through to the C-suite through a holistic SDLC focused approach and are happy to see that alignment also reflected in the vision of the OpenSSF. We are all in this together when it comes to supply chain security and we hope to see the various community groups and projects under the OpenSSF shape the cybersecurity landscape and protect the tech community at large for years to come.
Michael Lieberman, CTO, Kusari
Privado is excited to join OpenSSF and embrace its vision of a world where securing the world is a community activity done for the public good. Privado brings to the table open source Privacy Code Scanning tooling that helps bridge the gap between security and privacy stakeholders. With OpenSSF's engagement, we aim to work with the community to build tools and technologies that embed privacy in the applications right from the very start.
Vaibhav Antil, Co-Founder and CEO, Privado
The security of open software is essential for the privacy of users and customers and the safety of organizations. Scotiabank is proud to become a member of OpenSSF to further advance open-source security. Together, we can provide organizations with the assurance that their systems are secure, while further promoting the security of global digital infrastructure.
Steve Sparkes, CISO, Scotiabank
Technology Innovation Institute (TII)
Open-source software accelerates innovation and reinforces our digital-first lives today. Recent vulnerabilities and attacks on core open-source projects have highlighted the need to prioritize projects that demand critical expertise, tooling, processes, and funding in adapting to the ever-changing security landscape. As a leading global scientific research center focused on driving zero-trust security and resilience of autonomous system, the Technology Innovation Institute (TII) is excited to join forces with OpenSSF in tackling these challenges, anticipating, and finding solutions to emerging ones, as well as supporting the security of open-source software across industries and academia.
Dr. Shreekant (Ticky) Thakkar, Chief Researcher - Secure Systems Research Center, TII
- View the complete list of OpenSSF members
- Contribute efforts to one or more of the active OpenSSF working groups and projects
- Register for OpenSSF Day North America
- Register for the next OpenSSF Town Hall
About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.
Jennifer Bly, OpenSSF
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.