OpenSSF Announces New Members, Guiding Software Security Principles at OpenSSF Day Japan

Growing Member Base and New Initiatives Continue to Advance Open Source Software Security

TOKYO, Dec. 3, 2023 /PRNewswire/ — The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), announced new members from leading technology companies and a new set of Secure Software Development Guiding Principles at OpenSSF Day Japan.


New OpenSSF general members include Patchstack, SparkFabrik, and TestifySec. New OpenSSF associate member ISC2 also joins. OpenSSF ends the year with 120 members as technical communities continue to emphasize the importance of investing in open source security. They recognize the critical role of supporting and sustaining open source communities to uphold a strong, active, and secure open source ecosystem.

“We are delighted that our new members are joining the OpenSSF,” said Omkhar Arasaratnam, General Manager of the OpenSSF. “Securing open source software is a formidable task, and we look forward to their partnership.”

Today, the OpenSSF hosts OpenSSF Day Japan at Open Source Summit Japan in Tokyo. OpenSSF Day is an exciting opportunity for maintainers, contributors and others in cybersecurity to learn more about ongoing efforts to secure the open source software ecosystem. Highlights on the schedule include sessions with more than 20 experts on trends in exploited OSS vulnerabilities, malicious package repositories, SBOM policy for Japan's industrial sector, global collaboration in open source security, and more. A panel will explore navigating open source, open standards, and government directives for better cybersecurity.

At the start of OpenSSF Day Japan, OpenSSF announced the Secure Software Development Guiding Principles, which describe a series of foundational practices to help provide better assurance and security for organizations that adopt them. Producers and suppliers of software can pledge to align with this set of core practices and follow them throughout their development lifecycles.

The OpenSSF also released two new guides, both of which have been translated into Japanese. One is a new guide for open source projects interested in issuing and managing their own CVE IDs through the CVE Numbering Authority (CNA) program. The other is a Compiler Options Hardening Guide for C and C++, designed to help developers make informed decisions about compiler options that harden their software against memory-safety issues and other software defects.

Earlier this week, LF Energy and OpenSSF jointly published a new whitepaper on how open source software is critical to the innovation and transformation of our energy infrastructure. Contrary to common misconceptions, OSS offers not just affordability and flexibility but also a robust shield against cyber threats.

The Alpha-Omega Project recently announced grants to help Homebrew reach SLSA Build Level 2 and continued support of the Rust Foundation security initiative in 2024. Alpha-Omega is also pleased to see sustained impact from earlier grants: the OpenJS Foundation announced the results of an end-user audit based on an IDC study that shows three-quarters of a billion websites are running outdated software, and the Eclipse Foundation completed an audit of the Mosquitto project.

These latest announcements build on collaborative efforts already underway at OpenSSF, most recently including a response to the US Federal Government Request for Information (RFI) on Open Source Software Security and support for the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC), a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools.

More updates on OpenSSF projects and milestones can be found here.

General Member Quotes


Our goal has always been to make open source security more accessible to small and midsize enterprises (SMEs). As a company, we've been a firm believer in community & collaboration, which resonated with us immediately when we were invited to join the OpenSSF family. Patchstack runs an active open source bug hunting community (Patchstack Alliance) where ethical hackers are rewarded for reporting new security vulnerabilities found in open source software. We are the global leader in open source vulnerability intelligence, ranking #1 as a CNA in 2023 for the highest number of CVEs processed. Patchstack provides vPatches to its SaaS customers, which allows them to auto-mitigate production applications against all of the latest vulnerabilities to quickly reduce exposure. We are determined to cover the full lifecycle of open source vulnerabilities. We see the OpenSSF membership as a logical next step to give back to the community, share our knowledge and data, and further educate the SME market about open source & supply chain security.

– Oliver Sild, Co-Founder & CEO, Patchstack


As an organisation based on Open Source values and already a dynamic member of CNCF and LFE, SparkFabrik is excited to join OpenSSF. Our expertise focuses on Cloud Native applications and is based on Open Source software. We are committed to the dissemination, promotion and defense (we actively support the Linux Foundation Europe's #FixTheCRA campaign) of Open Source, which we see as a driver for transformation. We have long focused on the value of Software Supply Chain Security, for individual organisations and for the common fabric that people create. Joining OpenSSF, we are committed to supporting the development of best practices in this critical community, to disseminate and build frameworks that underpin the solutions we want to deliver.

– Paolo Mainardi, CTO and co-founder, SparkFabrik


TestifySec is dedicated to the belief that everyone deserves secure software. OpenSSF perfectly embodies this value. Open source software should not only be secure but also benefit from open and shared methods and tools. Having actively contributed to ongoing Technical Initiatives, we are thrilled to formally become a member of OpenSSF. We look forward to continuing our journey with OpenSSF, contributing to a more secure software landscape for all.

– John Kjell, Director of Open Source, TestifySec

Associate Member Quote


Secure open source code is essential, as it is the bedrock of so much innovation around the world. By joining the OpenSSF, ISC2 is committed to ensuring developers have access to the training and education they need to create more secure and resilient systems.

– Clar Rosso, CEO, ISC2

Additional Resources

  • See the full list of OpenSSF members

  • Contribute to one or more of the active OpenSSF working groups and projects

  • Register for OpenSSF Day Japan on December 4th

About the OpenSSF
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry's most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and to working both upstream and with existing communities to advance open source security for all. For more information, please visit us at

About the Linux Foundation
The Linux Foundation is the world's leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world's infrastructure, including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at

Media Contact
Jennifer Bly, OpenSSF
[email protected]


SOURCE OpenSSF