Join today’s leading executives online at the Data Summit on March 9th. Register here.
Let the OSS Enterprise newsletter guide your open source journey! Sign up here.
The Open Source Security Foundation (OpenSSF), a pan-industry effort launched by the Linux Foundation 18 months ago, has gained 23 new member organizations as pressure mounts to bolster the software supply chain.
New members include Huawei, Citi, Coinbase, Wipro, Alibaba, Block (formerly Square), MongoDB, Spotify, and NCC Group.
The expansion comes following the White House-hosted open source security summit, which brought together members from across the public and private spheres to discuss how best to address weaknesses in the software supply chain. The meetup, which was arranged after the critical Log4j vulnerability came to light, seemed to have an immediate effect — Google and Microsoft pledged $5 million each to the new OpenSSF-backed Alpha-Omega Project, which is striving to work with open source project maintainers to improve security.
This followed shortly after the OpenSSF secured $10 million in annual commitments from its existing members, which include Amazon, Meta (Facebook), Google, Microsoft, Ericsson, Red Hat, and Oracle. Open source pioneer Brian Behlendorf also recently transitioned into a full-time general manager role at the OpenSSF.
What’s perhaps most notable about the latest membership expansion at OpenSSF is both the geographical and industrial reach, with organizations spanning more “traditional” sectors such as banking, and locations ranging from North America and Europe to Asia. This makes sense — every company is now effectively a software company, and the vast majority of software today contains at least some open source components.
Put simply, open source software security affects everyone.
“The time is clearly now for this community to make real progress on software security,” Behlendorf noted in a statement. “Since open source is the foundation on which all software is built, the work we do at OpenSSF with contributions from companies and individuals from around the world is fundamental to that progress.”
The full list of new members are as follows: 1Password, Citi, Coinbase, Huawei, JFrog, and Wipro (all premier members); Accuknox, Alibaba Cloud, Block, Blockchain Technology Partners, Catena Cyber, Chainguard, DeployHub, Gravitational, MongoDB, NCC Group, ReversingLabs, Spotify, and Wingtecher Technology (all general members); and Institute of Software, Chinese Academy of Science (ISCAS), MITRE, and OpenUK (all associate members).