NCC Group joins forces with industry leaders to improve security of open source software (OSS)
Open source software (OSS) has a critical role in powering some of the world’s largest organisations, as well as many facets of our daily lives. Examples of open source software are everywhere – from ubiquitous operating systems and web servers, to widely used cryptographic libraries, browsers, and communications platforms, as well as a tremendous range of the technologies underpinning cloud-native computing and the global machine learning revolution.
Today, NCC Group is proud to announce that it is a founding member of a new foundation which will play a key role in improving security across the open source software ecosystem.
The Open Source Security Foundation (OpenSSF) is a new industry collaboration brought together by the Linux Foundation. NCC Group will work alongside a number of other founding members and industry experts, including Google, GitHub, IBM, JPMorgan Chase, Microsoft, and Red Hat.
The OpenSSF will bring together a range of security initiatives under one foundation, with the intention to build a diverse and robust community focused on delivering well-defined projects to measurably advance the security of open source software.
This news follows the announcement of our membership with the GitHub Security Lab’s Open Source Security Coalition in November 2019 – an initiative made up of security researchers, maintainers, and organisations in the industry with the goal of dedicating thousands of hours of security research, tool, and resource development to improve security across the open source ecosystem.
We will continue this work as a part of OpenSSF, and will continue in our 2019 commitment to dedicate at least 10% of our research to bolster the security of open source software.
Our work as a part of OpenSSF will build upon NCC Group’s long legacy of considerable open source security tool development, open access security research publication, and publicly-reported security audits of several important open-source tools and projects.
Head of Research at NCC Group, Jennifer Fernick, commented: "The security and privacy of the internet is essential for the protection of individuals, organisations and critical infrastructure, and also to the future of democracy and our civil liberties.
"Given the fundamental role OSS plays in powering our world, creating scalable resources and tools to help software maintainers, developers, and users understand and improve their projects’ security is a significant step toward a safer and more secure world.
"Investment in improving the security of open source software is something that benefits all of us – from individuals around the world who rely upon secure, publicly-audited, open source communication technologies, to many of our clients across sectors who operate at massive scale upon infrastructure comprised in part of open source components.
"We’re proud to be one of the founding members of the OpenSSF, and to help raise the bar for OSS security. Together we can begin to remediate – or even prevent – security vulnerabilities at a scale not previously possible."
If you’d like to learn more about the OpenSSF, please visit: https://openssf.org