Article 5ZMNF The Linux Foundation's "security mobilization plan"

by corbet from LWN.net on (#5ZMNF)
The Linux Foundation has posted an "Open Source Software Security Mobilization Plan" that aims to address a number of perceived security problems with the expenditure of nearly $140 million over two years.

While there are considerable ongoing efforts to secure the OSS supply chain, to achieve acceptable levels of resilience and risk, a more comprehensive series of investments to shift security from a largely reactive exercise to a proactive approach is required. Our objective is to evolve the systems and processes used to ensure a higher degree of security assurance and trust in the OSS supply chain.

This paper suggests a comprehensive portfolio of 10 initiatives which can start immediately to address three fundamental goals for hardening the software supply chain. Vulnerabilities and weaknesses in widely deployed software present systemic threats to the security and stability of modern society as government services, infrastructure providers, nonprofits and the vast majority of private businesses rely on software in order to function.
