Open-source is a priority, firms explain in announcement

Aug 4, 2020 04:16 GMT

“Microsoft loves Linux” is what representatives of the Redmond-based software giant say on pretty much every occasion, and truth be told, the company is investing very aggressively in everything that’s in any way related to the open-source world.

And today, the Redmond-based firm is making another similar move, as it’s joining a series of other companies for the creation of a new collaboration hosted at the Linux Foundation and called Open Source Security Foundation, or OpenSSF.

As its name suggests, the whole idea of this massive collaboration is to improve security in the open-source software space, and Microsoft is willing to work with other tech giants in this regard.

Already committed to open-source security

The rest of the partners include Google, Red Hat, IBM, Microsoft-owned GitHub, NCC Group, and OWASP Foundation.

“Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. Because source code can be copied and cloned, versioning and dependencies are particularly complex. Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process,” Microsoft explains.

Microsoft says it’s moving some of its previous investments in the open-source security world to OpenSSF, including resources to help identify security threats to open source projects, security tooling, best practices, and vulnerability disclosure.

Microsoft says that its vulnerability disclosure system is supposed to help developers fix vulnerabilities in their open-source software “in minutes, not in months,” something that would eventually provide users with increased security too.

More information about the new collaboration of all the aforementioned tech giants is available on the official OpenSSF page.