OpenSSF Announces New Members & Initiatives at SOSS

SEATTLE, April 15, 2024 (GLOBE NEWSWIRE) — The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, aerospace, and security firms. The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit North America (NA) 2024, which brings together members and contributors from around the world.

The OpenSSF welcomes new general members Ada Logics, The Boeing Company, Chainloop, Defense Unicorns, Ensignia, Hedera, and StepSecurity. With support from these new organizations, the OpenSSF heads into 2024 with 120 members that together recognize the importance of backing, maintaining, and promoting strong, vibrant, and secure open source software ecosystems.

“It brings us great pleasure to welcome our newest members to the OpenSSF,” said Omkhar Arasaratnam, the general manager of OpenSSF. “The challenge of safeguarding open source software is significant, and we eagerly anticipate collaborating with them.”

To celebrate its growing community, the OpenSSF is hosting Secure Open Source Software (SOSS) Community Day at Open Source Summit NA 2024 in Seattle. SOSS Community Day NA 2024, with over 500 registrants, is an opportunity for community members from across the open source security ecosystem to get together and share ideas. Featuring a packed schedule with sessions led by 49 experts on topics like education, innovation, tooling, vulnerabilities, threats, and more, SOSS Community Day will showcase the work the OpenSSF community is doing to drive open source software security. Further highlighting the organization’s commitment to security education, SOSS Community Day NA will feature a 90-minute interactive tabletop exercise (TTX), designed to engage the open source community on security practices.

General Member Quotes

Ada Logics

“We are excited to join the OpenSSF and look forward to furthering our contributions to the open source software security ecosystem. In the last year Ada Logics has actively contributed software development efforts to several OpenSSF initiatives, including OpenSSF Scorecard, Fuzz Introspector and SLSA. These are initiatives we consider instrumental for furthering open source software security. Ada Logics is an active open source contributor and has contributed fuzzing to more than 300 open source projects. Furthermore, as a software security services agency that focuses on vulnerability analysis, software supply chain security and tool development, our core activities are well aligned with OpenSSF’s mission, which is why we are happy to be joining as a member.”
– David Korczynski, CEO, Ada Logics

The Boeing Company

“You probably know Boeing as an aerospace company. But we are also a huge software company that relies on and contributes to open source software. We are excited to join the Open Source Security Foundation (OpenSSF). Exponential growth in the open source ecosystem brings unique challenges. Collaborating on best practices, tooling, and standards helps us all in the critical mission of delivering secure software.”
– Jinnah Hosein, Vice President and Chief Software Engineer, The Boeing Company

Chainloop

“Our team has been developing software supply chain automation for over a decade with the aim of delivering trusted software quickly. We built Chainloop Open Source because we believe the key enabler is software supply chain metadata that you can trust, and we are fortunate to be able to leverage foundational open source projects like Sigstore, SLSA, and in-toto. Today, we are excited to join OpenSSF, and look forward to continuing our journey of helping developers build and deliver trusted software faster.”
– Miguel Martinez, Co-Founder / CTO, Chainloop

Defense Unicorns

“We are thrilled to announce our partnership with OpenSSF! At Defense Unicorns, we’re not just dedicated to open source; we’re passionate about forging connections between the open source community and the national security mission. By joining forces with OpenSSF, we are
committing to a shared vision of advancing technology and making secure software readily available to everyone. We believe open source solutions are the key to supporting our mission, enabling us to safeguard our nation’s interests for a stronger and more secure future.”
– Andrew Greene, Co-Founder, Defense Unicorns

Ensignia

“Open source software today represents a global, public good that is vital to every economy. As such, Ensignia is proud to announce that we’ve joined the OpenSSF, to further their groundbreaking collective efforts to build a safer, more secure software for everyone. Ensignia looks forward to continuing our contributions across several OpenSSF projects, and we’re excited to formalize our partnership to address the rising tide of software supply chain security threats.”
– Sam Stewart, CEO and Co-Founder, Ensignia

Hedera

“We’re truly excited to be a part of the OpenSSF. As a fully open source, public, and lowest carbon impact Distributed Ledger Technology (DLT), with a growing ecosystem of contributors and enterprise consumers, it’s important that we embrace secure open source development and consumption best practices developed by the OpenSSF. Additionally, we look forward to bringing our deep expertise in DLT and blockchain to broaden OpenSSF’s capabilities and reach.”
– Andrew Aitken, Chief Open Source Officer, Hedera

StepSecurity

“StepSecurity provides a platform that secures CI/CD infrastructure and pipelines against security attacks. Our platform is trusted by over 2,700 open source projects that use GitHub Actions, including projects from the Cybersecurity and Infrastructure Security Agency (CISA), Microsoft, Google, OpenSSF, and many others. Additionally, several enterprises rely on our platform for securing their CI/CD infrastructure. StepSecurity has already collaborated with OpenSSF Scorecard and our automation has helped hundreds of open source maintainers to achieve higher scores. Our partnership with OpenSSF has been fantastic so far and formalizing it will allow us to empower even more open source maintainers to protect their projects against CI/CD attacks.”
– Varun Sharma, Co-Founder & CEO, StepSecurity

New Initiatives and Updates

Sigstore Graduation

We are pleased to welcome Sigstore as a graduated project within the OpenSSF. This is a major milestone that solidifies Sigstore’s role in enhancing software supply chain security. A suite of tools enabling secure software signing and verification, Sigstore addresses supply chain security concerns with transparency and integrity. Its recent graduation attests to the importance of code signing in software security.

Contributions Update

Google continues to support OpenSSF initiatives. As Bob Callaway, engineering manager at Google, notes: “Securing open source software is critical to maintaining a safe ecosystem for everyone. We’re glad to be supporting this work with cloud credits to Sigstore and OpenSSF projects, ensuring that they can scale to meet the needs of the OSS security landscape.”
Microsoft’s recent contributions provide an additional $3.2 million to the OpenSSF Alpha-Omega project, which aims to drive security improvements and foster a lasting security-minded culture within the most critical open source projects and ecosystems, as highlighted by the Alpha-Omega 2023 Annual Report and its 2024 OKRs.

Golden Egg Award Recipients

The OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for awardees’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. The two initial recipients are:

Christopher “CRob” Robinson, OpenSSF TAC chair and director of security communications at Intel: CRob is honored with the Golden Egg award for their dedication, expertise, and leadership which have been pivotal in the success and growth of the community.

Andres Freund, partner software engineer at Microsoft and PostgreSQL contributor, developer and committer: Andres is recognized for their outstanding contribution in detecting the XZ vulnerability and promptly notifying the open source community, which averted a potentially disastrous breach in the open source software supply chain.

To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, please visit openssf.org. Additional updates on OpenSSF projects and milestones are available in the OpenSSF’s recent announcements. View the SOSS Community Day event schedule here.

About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, OpenSSF and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
  
Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com