Red Hat, Google, Microsoft, GitHub, and Others Launch the Open Source Security Foundation (infoq.com)
InfoQ reports on a new security group that launched last week:
Supported by The Linux Foundation, the Open Source Security Foundation (OpenSSF) aims to create a cross-industry forum for a collaborative effort to improve open source software security. The list of initial members includes Google, Microsoft, GitHub, IBM, Red Hat, and more.
"As open source has become more pervasive, its security has become a key consideration for building and maintaining critical infrastructure that supports mission-critical systems throughout our society. It is more important than ever that we bring the industry together in a collaborative and focused effort to advance the state of open source security. The world's technology infrastructure depends on it."
Microsoft CTO for Azure Mark Russinovich explained clearly why open source security must be a community effort:
"Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. [...] Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process."
Also joining the group are Intel, IBM, Uber, and VMware, according to the Foundation's inaugural announcement, which promises its governance and decisions "will be transparent, and any specifications and projects developed will be vendor agnostic."
Capability based security, at last? (Score:2)
Does this mean we finally get capability based security, or do I have to wait another 5 years?
Re: (Score:2)
Capability-based security has been around on Linux for ages.
The tools to make reasonable use of it, on the other hand, still aren't.
Not to be confused with the (Score:2)
Launch of the Open Source Education and Research group.
Re: (Score:2)
Surely you meant the League of Open Source Education and Research Services.
Re: (Score:2)
Surely you meant the League of Open Source Education and Research Services.
Or for the grammar impaired:
the League of Open Operating Sources Education and Research Services.
Re: (Score:2)
No, no! It should be the Open Source Education and Research Services League!
The list of initial members (Score:4, Insightful)
There's only one of them that's a genuine Open Source organization. I figure it's just another land grab under the guise of security.
Re: (Score:3)
No land grab, there's not a prayer in hell of herding all those cats. The thing is dead from the get-go.
Re:The list of initial members (Score:5, Insightful)
Doesn't Microsoft own Github? So Microsoft's there twice?
Totally looks like a play to squeeze out independents & newcomers by imposing onerous rules & conditions on making contributions. This way, the big players get to control open source to their own benefit & against the public interest. That is, if they can agree on how to do it amongst themselves. Without genuine community involvement & a steady stream of newcomers from different backgrounds, the spirit & real benefits of free & open source software will wither & die.
Re: (Score:3)
Doesn't Microsoft own Github? So Microsoft's there twice?
Yes and IBM owns Red Hat.
Re: (Score:2)
Re: (Score:1)
IBM is listed twice too.
Bill Gates got more open source than this foundation on his couch.
Re: (Score:2)
Microsoft, GitHub,
I think I read somewhere that Mojang, LinkedIn, Nokia, Hotmail, and Skype are also considering joining...
Just to help keep the group diverse, you understand.
lol (Score:1)
Microsoft != Secure (Score:2)
Let me get this straight, Microsoft is going to tell the Open Source Community how to create secure software.
Where's my popcorn?
Looks more like a bunch of leeches and vultures. (Score:2)
Preying on the open source community for their nefarious completely un-community-like goals.
Also, why is Microsoft aka GitHub mentioned twice?