2 min

Tech giants Google and Microsoft extend their support for the Open Source Security Foundation’s new Project. OpenSSF’s new initiative aims to discover and resolve all vulnerabilities in open-source software programs.

The Open Source Security Foundation, an industry group harnessing the support of the largest tech firms around the globe, has promulgated a new objective for finding and resolving vulnerabilities in open-source software programs.

This effort is titled the Alpha-Omega Project. The initiative was launched after a meeting hosted at the White House, featuring officials and representatives from the top tech firms, federal agencies, and non-profits. The primary objective of the meeting was to start a discussion on open-source security.

What is the Open Source Security Foundation?

The Open Source Security Foundation came into being in 2020. The foundation gained support from tech giants, including Google LLC, Microsoft Corp., and Intel Corp. OpenSSF has just revealed its plans for the Alpha-Omega Project, which received its first dose of financing of $5 million from Microsoft and Google. Google and Microsoft are also promising team participation for the Project as well.

The Alpha-Omega Project plans to make a difference

Thousands of global organizations leverage open-source tools for routine business operations. Vulnerabilities in such programs allow hackers to execute vast cyber-attacks by targeting numerous organizations. 

The Alpha-Omega project extends openness and transparency while optimizing security in open-source projects. The Project takes a proactive approach to discovering, resolving, and preventing any vulnerability that leads to a cyberattack.

The Project has two main objectives- Alpha and Omega. The combined effort of both plans is to enhance the cybersecurity of all open-source software programs in distinct ways.

The Alpha initiative resolves vulnerabilities in the most critical open-source projects via software auditing and fixes roll-out for vulnerable codes. Alpha teams plan to assist open-source project maintainers by certifying project compliance to the best cybersecurity practices. The Alpha initiative’s framework includes encryption techniques and other approaches developers can leverage to cut down the likelihood of adding vulnerable code in their programs.

Conversely, the Omega initiative directs attention to the complete software ecosystem. With Omega, OpenSSF will execute automated cybersecurity tests across more than 10,000 open-source projects to detect vulnerabilities. The Project will also dispense engineers to optimize software workflows used for running cybersecurity tests routinely.