Linux Foundation Publishes Industry-Backed Plan to Secure Open-Source Software
The Linux Foundation and the Open Source Software Security Foundation have provided the government with a plan to improve the security of open-source software.
According to a summary provided in a press release, the plan calls for about $150 million in funding over two years to advance solutions in 10 problem areas.
The full mobilization plan divides those areas into three categories: securing open-source software production, improving vulnerability discovery and remediation, and shortening ecosystem patching response time.
Amazon, Ericsson, Google, Intel and Microsoft are among the companies that have collectively pledged $30 million toward implementing the plan, the Linux Foundation said.
Jim Zemlin, executive director of the Linux Foundation, said that open-source software is a key component of national security and underlies billions of dollars in software investments.
He noted that the foundation released the plan on the one-year anniversary of President Joe Biden’s May 2021 executive order on strengthening federal cybersecurity.
Anne Neuberger, a cyber and technology adviser at the White House and a two-time Wash100 winner, said that one of the executive order’s objectives is to guarantee the security of government and critical infrastructure software.
On May 12, the Linux Foundation and OpenSSF also held the Open Source Software Security Summit II, a follow-up to the first summit on Jan. 13.
The summit convened more than 90 executives from 37 companies as well as government leaders from the Office of the National Cyber Director, the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, the Department of Energy and the Office of Management and Budget.