Security is becoming an increasingly important piece of the open source puzzle amid industry-wide pushes to shift left and integrate security during the early stages of application development. The Linux Foundation’s Open Source Security Foundation (OpenSSF), which encompasses Google’s Supply-chain Levels for Software Artifacts (SLSA), is one example of how the open source community is working to improve software security through an ecosystem approach, advocating proactive handling of security by default.
OpenSSF brings together players like Cisco, GitHub, Google, VMware, and others to develop better security tools and practices for open source application development without bias toward a specific ecosystem or vendor.
“It’s been very much a volunteer-driven effort involving all sorts of companies and individual software experts,” OpenSSF GM Brian Behlendorf said during a KubeCon press conference.