8 notable open-source security initiatives of 2022

Open-source security has been high on the agenda this year, with a number of initiatives, projects, and guidance launched in 2022 to help improve the cyber resiliency of open-source code, software and development. Vendors, tech firms, collectives and governments have contributed to helping raise the open-source security bar amid organizations’ increasing use of and reliance upon open-source resources, along with the complex security risks and challenges that come with it.

“2022 has intensified the necessary focus on the important topics of open-source security, including supply chain security. It has also accelerated efforts to identify what was left to do, and then start doing it. In sum: things are just getting started, but progress has been made,” David A. Wheeler, director of open-source supply chain security at the Linux Foundation, tells CSO.

So why is it important to improve open-source security? The answer is, in part, “because it underpins everything,” Wheeler says. “Software really does now run the world. The latest studies have shown that, on average, 70% to 90% of applications are, once you look inside, open-source software (OSS) components. That’s not a problem per se – OSS enables an incredible number of goods and services – but it’s a problem if the OSS is vulnerable to attack.” To cause any change, organizations need resources, including people’s time and money, he adds. “Some actions won’t require much, but you still often need some as a catalyst. Some will require more resources because the software industry is large, and the amount of software is huge. For many developers, ‘make it secure’ is a new, unanticipated requirement.”

Here are eight notable open-source security initiatives of 2022.

The White House hosts open-source security summit

In January, The White House convened government and private sector stakeholders to discuss initiatives to improve the security of open-source software and new approaches to collaboration to drive improvements. Meeting participants included Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger and National Cyber Director Chris Inglis, along with representatives from tech firms including Akamai, Amazon, Apple, Cloudflare, Facebook/Meta, the Linux Foundation, the Open Source Security Foundation (OpenSSF), and Microsoft.

“Participants had a substantive and constructive discussion on how to make a difference in the security of open-source software, while effectively engaging with and supporting the open-source community,” a White House readout stated. “The discussion focused on three topics: preventing security defects and vulnerabilities in code and open-source packages, improving the process for finding defects and fixing them, and shortening the response time for distributing and implementing fixes.”

Copyright © 2022 IDG Communications, Inc.