OpenSSF’s Alpha-Omega Project recently received a commitment of $5 million in continued funding, with a USD $2.5 million contribution from Microsoft and another USD $2.5 million from Google. The Alpha-Omega mission is to protect society by improving the security of open source software through direct maintainer engagement and expert analysis, with the aim of building a world where critical open source projects are secure and security vulnerabilities are found and fixed quickly.
Today, the OpenSSF hosts OpenSSF Day North America at the Open Source Summit North America in Vancouver. OpenSSF Day is an exciting opportunity to learn more about ongoing efforts to secure the open source software ecosystem. Highlights on the agenda include a number of sessions around the state of open source software security, including a keynote fireside chat about how government and the open source community can work together. Panels will explore what’s new in the world of Software Bills of Materials (SBOMs), Alpha-Omega, and DEI for creative, inclusive and sustainable cybersecurity. Other sessions feature talks on DevOps, Sigstore, SLSA, security audits, fuzzing, and more. Both in-person and virtual registration are available.
The OpenSSF is also conducting a survey to understand how the community perceives OpenSSF initiatives like Sigstore, Alpha-Omega, Best Practices Badge, Scorecard, and SLSA. Responses will be used to help evaluate awareness and perception of the OpenSSF and its projects, and to identify areas for improvement. Take the OpenSSF Software Security Awareness Survey today.
General Member Quotes
“We think the importance of OSS security is increasing because a lot of our customers leverage OSS for mission-critical systems that support social infrastructure like financial systems or government systems. We are happy to enhance OSS security through the OpenSSF ecosystem, and we would like to help achieve OSS security that meets the mission-critical requirements. Furthermore, we would like to collaborate, not only with the OSS community, but also with the security community to have an active discussion on OSS security in Japan.” - Yuichi Nakamura, Director, Hitachi, Ltd.
“Today’s missions operate on timelines of days and weeks, not months and years. The threats our customers face require us to deliver innovation at scale, and with greater agility than ever before, to address their toughest challenges. Lockheed Martin’s contribution to open-source projects and open-source communities is essential to our ability to produce more secure software solutions to our customers. Our collaboration with the Open Source Security Foundation (OpenSSF) is a testament to our commitment to ensure the security of our customers’ systems as we deliver software at the speed of relevance and engineer a better tomorrow.” - Alan Hohn, Director of External Outreach and Software Strategy, Lockheed Martin Corporate Engineering
“SAP is among the top 10 commercial contributors to open source communities as listed on the Open Source Contributor Index. Secure consumption of open source software is naturally essential to SAP’s position as a responsible vendor of enterprise software solutions. We look forward to being an active member of OpenSSF and helping the enterprise software community including our customers benefit from secure and trustworthy open source components.” - Tim McKnight, Chief Security Officer, SAP
- View the complete list of OpenSSF members
- Contribute efforts to one or more of the active OpenSSF working groups and projects
- Register for OpenSSF Day North America
About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.
Jennifer Bly, OpenSSF