
Linux, OpenSSF Champion Plan to Improve Open Source Security

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

DARKReading

Marking the one-year anniversary of President Biden’s Executive Order on Improving the Nation’s Cybersecurity, the Linux Foundation and the Open Source Software Security Foundation joined with 90 private-sector executives and government leadership to create a 10-point plan to improve the security of open source software.

The plan has three primary goals — secure open source software production, improve vulnerability discovery and remediation, and shorten ecosystem patching response time — according to the announcement.

The Open Source Software Security Mobilization Plan proposes 10 specific streams of investment in open source security including: education, risk assessment, digital signatures, memory safety, incident response, better scanning, code audits, data sharing, SBOMs, and improved software supply chain. The plan outlines the need for about $150 million in additional funding over the next two years. Amazon, Google, Ericsson, Intel, Microsoft, and VMware have pledged an initial investment of $30 million between them.

“What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it,” Brian Behlendorf, executive director, Open Source Security Foundation (OpenSSF), said in a statement announcing the group’s new initiative. “The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action.”
