Microsoft today announced that it is joining other industry partners (GitHub, Google, IBM, JPMC, NCC Group, OWASP Foundation, and Red Hat) to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The aim of this project is to improve the security of open source software by creating a broader community, targeted initiatives, and best practices. The initial technical initiatives will focus on the following:
- Vulnerability Disclosures
- Security Tooling
- Security Best Practices
- Identifying Security Threats to Open Source Projects
- Securing Critical Projects
- Developer Identity Verification
“Microsoft has been involved in several open-source security initiatives over the years and we are looking forward to bringing these together under the umbrella of the OpenSSF,” wrote Mark Russinovich, Chief Technology Officer, Azure.
You can participate on this project on GitHub at https://github.com/ossf.