The Open Source Security Foundation (OpenSSF) in collaboration with Google and Microsoft have announced the Alpha-Omega Project to improve supply chain security across open source software (OSS) projects, told InfoQ. Brian Behlendorf, General Manager, OpenSSF said:
“Open source software is a vital component of critical infrastructure for modern society. Therefore we must take every measure necessary to keep it and our software supply chains secure.”
He added:
“Alpha-Omega supports this effort in an open and transparent way by directly improving the security of open source projects through proactively finding, fixing, and preventing vulnerabilities. This is the start of what we at OpenSSF hope will be a major channel for improving OSS security.”
The Alpha-Omega Project will improve global OSS supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed.
“Alpha” will work with the maintainers of the most critical open source projects to help them identify and fix security vulnerabilities, and improve their security posture. “Omega” will identify at least 10,000 widely deployed OSS projects where it can apply automated security analysis, scoring, and remediation guidance to their open source maintainer communities.