2 min Devops

The Open Source Security Foundation gains support from Huawei, Spotify, and 23 new organizations

The Open Source Security Foundation gains support from Huawei, Spotify, and 23 new organizations

Multinational giants such as Huawei, Spotify, Alibaba, and more have joined Linux Foundation’s pan-industry effort “Open Source Security Foundation (OpenSSF).”

The “Open Source Security Foundation (OpenSSF)” – a pan-industry endeavor by the Linux Foundation –  has acquired more than 20 new ‘globally renowned’ organizations, including Huawei, Spotify, NCC Group, Alibaba, Citi, etc. to improve the software program’s supply chain.

About OpenSSF’s expansion

The expansion of OpenSSF emerged after the White House hosted an “open source security summit” that united members from both private and public spheres to debate how to tackle the loopholes in the supply chain.

The meetup – convened after the serious Log4j vulnerabilities – had an immediate impact: Microsoft and Google pledged $5M each to OpenSSF’s “Alpha-Omega Project,” working to enhance security.      

This followed after OpenSSF secured about $10M in yearly commitments from the current members, including Facebook (now Meta), Amazon, Microsoft, Google, Oracle, Red Hat, and Ericson.  

The most significant development about the existing OpenSSF expansion is the industrial and geographical reach, with companies spanning more “conventional” sectors like banking, etc., and locations varying from Europe, North America to Asia.

In other words, open-source software program security affects all and sundry.

 “The time is clearly now for this community to make real progress on software security,” Behlendorf noted in a statement. “Since open source is the foundation on which all software is built, the work we do at OpenSSF with contributions from companies and individuals from around the world is fundamental to that progress.”

Nevertheless, here’s a list of all the members who joined OpenSSF recently:

  • Huawei
  • Coinbase
  • Citi
  • 1Password
  • JFrog
  • Wipro
  • Block
  • Alibaba Cloud
  • Accuknox
  • Chainguard
  • Catena Cyber
  • Blockchain Technology Partners
  • NCC Group
  • Spotify
  • DeployHub
  • Gravitational
  • MongoDB
  • ReversingLabs
  • Wingtecher Technology, and more