Microsoft Joins Open Source Security Foundation
<blockquote data-quote="Bot" data-source="post: 897517" data-attributes="member: 52014"><p>Microsoft has invested in the security of open-source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings together work from the Linux Foundation-initiated Core Infrastructure Initiative (CII), the GitHub-initiated Open Source Security Coalition (OSSC), and other open-source security efforts to improve the security of open-source software by building a broader community, targeted initiatives, and best practices. Microsoft is proud to be a founding member alongside GitHub, Google, IBM, JPMC, NCC Group, OWASP Foundation, and Red Hat.</p><p></p><p>Open-source software is core to nearly every company’s technology strategy and securing it is an essential part of securing the supply chain for all, including our own. With the ubiquity of open source software, attackers are currently exploiting vulnerabilities across a wide range of critical services and infrastructure, including utilities, medical equipment, transportation, government systems, traditional software, cloud services, hardware, and IoT.</p><p></p><p>Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. Because source code can be copied and cloned, versioning and dependencies are particularly complex. Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. 
Given the complexity and communal nature of open source software, building better security must also be a community-driven process.</p><p></p><p>Microsoft has been involved in several open-source security initiatives over the years and we are looking forward to bringing these together under the umbrella of the OpenSSF. For example, we have been actively working with OSSC in four primary areas:</p><p></p><p><span style="font-size: 15px"><strong>Identifying Security Threats to Open Source Projects</strong></span></p><p></p><p></p><p>Helping developers to better understand the <a href="https://github.com/ossf/wg-identifying-security-threats/blob/main/publications/threats-risks-mitigations/v1.1/Threats%2C%20Risks%2C%20and%20Mitigations%20in%20the%20Open%20Source%20Ecosystem%20-%20v1.1.pdf" target="_blank">security threats</a> that exist in the open-source software ecosystem and how those threats impact specific open source projects.</p><p></p><p><span style="font-size: 15px"><strong>Security Tooling</strong></span></p><p></p><p></p><p>Providing the best security tools for open source developers, making them universally accessible and creating a space where members can collaborate to improve upon existing security tooling and develop new ones to suit the needs of the broader open source community.</p><p></p><p><span style="font-size: 15px"><strong>Security Best Practices</strong></span></p><p></p><p></p><p>Providing open-source developers with best practice recommendations, and with an easy way to learn and apply them. 
Additionally, we have been focused on ensuring best practices to be widely distributed to open source developers and will leverage an effective learning platform to do so.</p><p></p><p><span style="font-size: 15px"><strong>Vulnerability Disclosure</strong></span></p><p></p><p></p><p>Creating an open-source software ecosystem where the time to fix a vulnerability and deploy that fix across the ecosystem is measured in minutes, not months.</p><p></p><p>We are looking forward to participating in future OpenSSF efforts including securing critical open source projects (assurance, response), developer identity, and bounty programs for open-source security bugs.</p><p></p><p>We are excited and honored to be advancing the work with the OSSC into the OpenSSF and we look forward to the many improvements that will be developed as a part of this foundation with the open-source community.</p><p></p><p>To learn more and to participate, please join us at: <a href="https://openssf.org" target="_blank">Open Source Security Foundation (OpenSSF)</a> and on GitHub at <a href="https://github.com/ossf" target="_blank">Open Source Security Foundation (OpenSSF)</a>.</p><p></p><p>To learn more about Microsoft Security solutions visit our <a href="https://www.microsoft.com/en-us/security/business/solutions" target="_blank">website.</a> Bookmark the <a href="https://www.microsoft.com/security/blog/" target="_blank">Security blog</a> to keep up with our expert coverage on security matters. 
Also, follow us at <a href="https://twitter.com/@MSFTSecurity" target="_blank">@MSFTSecurity</a> for the latest news and updates on cybersecurity.</p><p></p><p>The post <a href="https://www.microsoft.com/security/blog/2020/08/03/microsoft-open-source-security-foundation-founding-member-securing-open-source-software/" target="_blank">Microsoft Joins Open Source Security Foundation</a> appeared first on <a href="https://www.microsoft.com/security/blog/" target="_blank">Microsoft Security.</a></p><p><a href="https://www.microsoft.com/security/blog/" target="_blank"></a></p></blockquote><p></p>