NCC Group joins forces with industry leaders to improve security of open source software (OSS)
Open source software (OSS) has a critical role in powering some of the world’s largest organisations, as well as many facets of our daily lives. Examples of open source software are everywhere – from ubiquitous operating systems and web servers, to widely used cryptographic libraries, browsers, and communications platforms, as well as a tremendous range of the technologies underpinning cloud-native computing and the global machine learning revolution.
Today, NCC Group is proud to announce that it is a founding member of a new foundation which will play a key role in improving security across the open source software ecosystem.
The Open Source Security Foundation (OpenSSF) is a new industry collaboration brought together by the Linux Foundation. NCC Group will work alongside a number of other founding members and industry experts, including Google, GitHub, IBM, JPMorgan Chase, Microsoft, and Red Hat.
The OpenSSF will bring together a range of security initiatives under one foundation, with the intention to build a diverse and robust community focused on delivering well-defined projects to measurably advance the security of open source software.
This news follows the announcement of our membership with the GitHub Security Lab’s Open Source Security Coalition in November 2019 – an initiative made up of security researchers, maintainers, and organisations in the industry with the goal of dedicating thousands of hours of security research, tool, and resource development to improve security across the open source ecosystem.
We will continue this work as a part of OpenSSF, and will maintain our 2019 commitment to dedicate at least 10% of our research to bolstering the security of open source software.
Our work as a part of OpenSSF will build upon NCC Group’s long legacy of considerable open source security tool development, open access security research publication, and publicly-reported security audits of several important open-source tools projects.
Head of Research at NCC Group, Jennifer Fernick, commented: "The security and privacy of the internet is essential for the protection of individuals, organisations and critical infrastructure, and also to the future of democracy and our civil liberties.
"Given the fundamental role OSS plays in powering our world, creating scalable resources and tools to help software maintainers, developers, and users understand and improve their projects’ security is a significant step toward a safer and more secure world.
"Investment in improving the security of open source software is something that benefits all of us – from individuals around the world who rely upon secure, publicly-audited, open source communication technologies, to many of our clients across sectors who operate at massive scale upon infrastructure comprised in part of open source components.
"We’re proud to be one of the founding members of the OpenSSF, and to help raise the bar for OSS security. Together we can begin to remediate – or even prevent – security vulnerabilities at a scale not previously possible."
If you’d like to learn more about the OpenSSF, please visit: https://openssf.org
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.