Open Source Community Hands White House 10-Point Security Plan

Open source leaders met in Washington yesterday to share their plans for enhancing the security of the software supply chain.

The event was held a year after President Biden’s executive order on cybersecurity and several months after the first Open Source Software Security Summit in the capital.

The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together over 90 executives from 37 companies and government leaders representing the National Security Council (NSC) Cybersecurity and Infrastructure Security Agency (CISA), NIST and others.

The plan they agreed on will see $150m in funding over the next two years directed to 10 streams designed to improve resilience and security of open-source software. Companies including Amazon, Google, Intel, Ericsson, Microsoft and VMware have already pledged over $30m.

The three headline goals of the plan are to secure the production of open source code, improve vulnerability detection and remediation and shorten patching response times.

The community plans to achieve this by:

“What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it,” argued Brian Behlendorf, executive director of the Open Source Security Foundation (OpenSSF).

“The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action.”

Exit mobile version