By: Brian Behlendorf (OpenSSF), Michael Scovetta (Microsoft), and Michael Winser (Google)

As part of the OpenSSF’s continued investment in critical open-source projects, we are pleased to announce that the OpenSSF’s Alpha-Omega Project has committed to $800,000 in funding split equally among the Python Software Foundation (PSF) and the Eclipse Foundation to fund critical security roles. We are also happy to announce that the Secure Open Source Rewards pilot program will be managed by the Alpha-Omega Project.

Python consistently ranks as one of the most popular programming languages, used widely for web development, scientific computing, artificial intelligence and machine learning, amongst many other uses. As such, security improvements for the Python ecosystem will have a tremendous impact for all Python users and for the open source community as a whole.

The Python Software Foundation (PSF) is a non-profit whose mission is to promote, protect, and advance the Python programming language, and to support and facilitate the growth of a diverse and international community of Python programmers. In addition to maintaining Python the language, the PSF owns and operates the Python Package Index (PyPI), which is critical open-source infrastructure, and produces PyCon US, the longest-running Python conference.

OpenSSF’s Alpha-Omega Project has committed $400K to the Python Software Foundation (PSF), in order to create a new role which will provide security expertise for Python, the Python Package Index (PyPI), and the rest of the Python ecosystem, as well as funding a security audit. This investment will enable the PSF to formalize existing security practices and to make more proactive security improvements. The new role will be responsible for identifying and addressing security issues across PSF projects such as CPython and PyPI, and applying full-time knowledge and expertise along with volunteers to implement key improvements in a timely manner.

Open source software is the single most important engine for innovation today. The ability to freely combine software components, frameworks, and platforms frees developers from constantly reinventing the wheel and allows them to focus on the new innovations that users want. Free software also enables business models to scale in ways that proprietary software would never allow. Globally and in all sectors of the economy, building on top of open source software is the dominant approach to delivering successful software systems today.

The Eclipse Foundation provides its global community of individuals and organizations with a mature, scalable, and business-friendly environment for open source software collaboration and innovation. The Foundation is home to the Eclipse IDE, Jakarta EE, and over 350 open source projects, including runtimes, tools, and frameworks for a wide range of technology domains such as the Internet of Things, automotive, geospatial, systems engineering, and many others.

OpenSSF’s Alpha-Omega Project has committed $400K to the Eclipse Foundation to fund additional staff and resources to roll out many of the ideas in the Open Source Software Supply Chain Best Practices document. This includes automating the generation of static source-based SBOMs for all Eclipse Foundation project repositories, implementing a SLSA-based project badging program for Eclipse Foundation projects, and initiating security audits for high-profile Eclipse Foundation projects.

SOS.dev Moves Under Project Alpha-Omega Umbrella

The Secure Open Source Rewards pilot program financially rewards developers for enhancing the security of critical open source projects on which we all depend. SOS rewards a broad range of improvements that proactively harden critical open source projects and support infrastructure against application and supply chain attacks. To complement existing programs that reward vulnerability management, SOS’s scope is comparatively wider in the type of work it rewards, in order to support project developers.

Established in 2021, SOS.dev’s mission has aligned so well with that of Alpha-Omega, we’re happy to be able to provide additional process improvements and oversight to accelerate rewards through the program.

Critical Open-Source Ecosystem Investments

We’re incredibly excited about these investments in this critical open-source ecosystem. This announcement follows a similar recent investment in the OpenJS Foundation, and is just the start of more to come.

The success of OpenSSF is due to the contributions and support of the developer community and member companies. To learn more about how you can join your industry peers in supporting OpenSSF, please fill out this form to be contacted by an OpenSSF representative.