
The Linux Foundation Japan OpenSSF announces new member companies and software security guidelines – OpenSSF Day Japan

Expanding member base and new projects continue to advance open source software security
……
This press release is a reference translation of "OpenSSF Announces New Members, Guiding Software Security Principles at OpenSSF Day Japan" ( https://openssf.org/press-release/2023/12/03/openssf-announces-new-members-guiding-software-security-principles-at-openssf-day-japan/ ).

The Open Source Security Foundation (OpenSSF, https://openssf.org/ ), the Linux Foundation’s cross-industry initiative dedicated to ensuring the sustainable security of open source software (OSS), today announced new members from leading technology companies and a new set of “Secure Software Development Guiding Principles” at OpenSSF Day Japan ( https://events.linuxfoundation.org/openssf-day-japan/ ).
OpenSSF’s new general members include Patchstack, SparkFabrik, and TestifySec, and new associate members include ISC2. The technical community continues to emphasize the importance of investing in open source security, and OpenSSF ended the year with 120 member companies. Community members recognize the important role they play in supporting and sustaining the open source community in order to maintain a robust, active, and secure open source ecosystem.
Omkhar Arasaratnam, General Manager of OpenSSF, said:
“We are excited to welcome new members to OpenSSF. Securing open source software is a tough job, and we look forward to working with our members.”
Today, OpenSSF is hosting OpenSSF Day Japan ( https://events.linuxfoundation.org/openssf-day-japan/ ) at Open Source Summit Japan in Tokyo. OpenSSF Day is a great opportunity for maintainers, contributors, and others involved in cybersecurity to learn more about the efforts currently being made to protect the open source software ecosystem. Highlights of the schedule ( https://events.linuxfoundation.org/openssf-day-japan/program/schedule/ ) include sessions from more than 20 experts on trends in exploited OSS vulnerabilities, repositories of malicious packages, information for the Japanese industrial sector, SBOM policies, global collaboration in open source security, and more. A panel discussion will cover open source, open standards, and government mandates for better cybersecurity.
To mark the beginning of OpenSSF Day Japan, the Secure Software Development Guiding Principles ( https://www.linuxfoundation.jp/blog/2023/12/openssf-releases-top-10-secure-software-development-guiding-principles/ ) have been released. These 10 principles describe a set of basic practices that provide greater assurance and security for organizations that leverage them. They provide a set of core practices that software producers and suppliers are committed to complying with and following throughout the development lifecycle.
OpenSSF also announced the addition of two new guides to the OpenSSF Guides ( https://www.linuxfoundation.jp/resources/openssf-guides-jp/ ), which have also been translated into Japanese. One is a new guide to the CVE Numbering Authority (CNA) program ( https://openssf.org/blog/2023/11/27/openssf-introduces-guide-to-becoming-a-cve-numbering-authority-as-an-open-source-project/ ) for open source projects interested in issuing and managing their own CVE IDs. The other, the “Compiler Options Hardening Guide for C and C++” (strengthening the fort-openssf-releases-compiler-options-hardening-guide-for-c-and-c/), provides information about compiler options that developers can use to harden their software against memory safety issues and other software flaws, and is designed to help them make the right choices. (* Some CNA program guides are not available in translated versions at this time.)
Last week, LF Energy and OpenSSF announced a new white paper ( https://openssf.org/resources/whitepaper-cybersecurity-in-energy-infrastructure/ ) on how open source software is critical to energy infrastructure innovation and transformation. Contrary to common misconceptions, OSS offers not only affordability and adaptability, but also a robust shield against cyber threats.
The Alpha-Omega project ( https://alpha-omega.dev/ ) recently announced that it provided a grant to help Homebrew reach SLSA build level 2 and will continue to support the Rust Foundation’s security initiatives in 2024. Alpha-Omega is also pleased with the lasting impact of previous grants. The OpenJS Foundation announced the results of an end user audit based on IDC research ( https://openjsf.org/announcement/2023/11/01/openjs-foundation-warns-consumer-privacy-and-security-at-risk-in-three-quarters-of-a-billion-websites/ ), which showed that three-quarters of a billion websites are running outdated software. Additionally, the Eclipse Foundation has completed its audit of the Mosquitto project ( https://blogs.eclipse.org/post/mikaël-barbero/eclipse-mosquitto-security-audit-has-been-completed ).
These latest announcements build on the collaborative efforts already taking place at OpenSSF, including its response to the U.S. federal government’s Request for Information (RFI) on Open Source Software Security ( https://openssf.org/blog/2023/11/08/openssf-responds-to-us-federal-government-rfi-on-open-source-software-security/ ) and its support for the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC), a two-year competition aimed at promoting innovation by connecting AI and cybersecurity and at creating the next generation of cybersecurity tools ( https://openssf.org/press-release/2023/08/09/openssf-to-support-darpa-on-new-ai-cyber-challenge-aixcc/ ).
For more updates on OpenSSF projects and milestones, please visit: https://openssf.org/news/
Voices from general members (from the original text)
Patchstack
Our goal has always been to make the open source security more accessible to small and midsize enterprises (SMEs). As a company, we’ve been a firm believer in the community & collaboration, which resonated with us immediately as we were invited to join the OpenSSF family. Patchstack runs an active open source bug hunting community (Patchstack Alliance) where ethical hackers are rewarded for reporting new security vulnerabilities found in open-source software. We are the global leader of open source vulnerability intelligence, ranking #1 as a CNA in 2023 for the highest number of CVEs processed. Patchstack offers vPatches to its SaaS customers which allows them to auto-mitigate production applications from all of the latest vulnerabilities to immediately reduce exposure. We are determined to cover the entire lifecycle of open source vulnerabilities. We see the OpenSSF membership as a logical next step to give back to the community, share our knowledge, data, and further educate the SME market about open source & supply chain security.
Oliver Schild, Co-Founder & CEO, Patchstack
SparkFabrik
As an organization based on Open Source values and already a dynamic member of CNCF and LFE, SparkFabrik is excited to join OpenSSF. Our expertise focuses on Cloud Native applications and is based on Open Source software. We are committed to the dissemination, promotion and protection (we actively support the Linux Foundation Europe’s #FixTheCRA campaign) of Open Source, which we see as a driver for transformation. We have long focused on the importance of Software Supply Chain Security, for individual organizations and for the common fabric that individuals create. Joining OpenSSF, we are committed to supporting the development of best practices within this key community, to disseminate and produce frameworks that underpin the solutions we want to offer.
Paolo Mainardi, CTO and co-founder, SparkFabrik
TestifySec
TestifySec is dedicated to the belief that everyone deserves secure software. OpenSSF perfectly embodies this value. Open source software should not only be secure but also utilize open and shared methods and tools. Having actively contributed to ongoing Technical Initiatives, we are thrilled to officially become a member of OpenSSF. We look forward to continuing our journey with OpenSSF, contributing to a more secure software landscape for all.
John Kjell, Director of Open Source, TestifySec
Voices from associate members (from the original text)
ISC2
Secure open source code is critical, as it is the bedrock of so much innovation around the globe. By joining the OpenSSF, ISC2 is dedicated to ensuring developers have access to the education and training they need to deliver more secure and resilient solutions.
Clar Rosso, CEO, ISC2
Reference materials
OpenSSF member list: https://openssf.org/about/members/
Contribute to active OpenSSF working groups/projects: https://openssf.org/community/openssf-working-groups/
Register for OpenSSF Day Japan (December 4th in Japan): https://events.linuxfoundation.org/openssf-day-japan/register/
About OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation. We connect the industry’s most important open source security efforts with the individuals and businesses that support them. OpenSSF fosters collaboration and works with both upstream and existing communities to advance open source security for everyone. Visit openssf.org for more information.
About Linux Foundation
The Linux Foundation is the world’s leading hub for collaboration on open source software, open hardware, open standards, and open data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, and OpenChain. The Linux Foundation is focused on leveraging best practices, addressing the needs of contributors, users, and solution providers, and building a sustainable model of open collaboration. Visit linuxfoundation.org for more information.





This article was partly generated by AI. Some links may contain Ads. Press Release-Informed Article.