Open Source Community Sets Out Path to Secure Software

by
janrinok
from SoylentNews on (#5ZA8K)

upstart writes:

Open source community sets out path to secure software:

The open source community has presented a 10-point plan to improve the security and resilience of its software, bringing together more than 90 executives from 37 organisations, alongside US government officials, at a summit in Washington DC.

[...] OpenSSF executive director Brian Behlendorf added: "What we are doing here together is converging a set of ideas and principles of what is broken out there and what we can do to fix it. The plan we have put together represents the 10 flags in the ground as the base for getting started. We are eager to get further input and commitments that move us from plan to action."

The 10-point plan, which can be read in full on OpenSSF's website, is as follows:

  1. To deliver baseline secure software development education and certification;
  2. To establish a public, supplier-neutral, objective-metrics-based risk assessment dashboard for 10,000 widely used open source software (OSS) components;
  3. To accelerate the adoption of digital signatures on OSS releases;
  4. To eliminate the root causes of many vulnerabilities by replacing non-memory-safe languages;
  5. To establish an OpenSSF-backed incident response team to help open source projects respond to vulnerability disclosures;
  6. To improve the ability of maintainers and experts to discover new vulnerabilities in open source projects;
  7. To establish a programme of third-party code audits and remediation for up to 200 of the most-critical OSS components;
  8. To coordinate industry-wide data sharing to improve how the community goes about determining what the most-critical OSS components actually are;
  9. To improve the adoption of software bill of materials (SBOM) tooling and training;
  10. And finally, to enhance the 10 most-critical OSS build systems, package managers and distribution systems with improved supply chain security tools and practices.

Commenting on the plan, Mike Hanley, chief security officer (CSO) at GitHub, said: "Securing the open source ecosystem starts with empowering developers and open source maintainers with tools and best practices that are instrumental to securing the software supply chain.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments