In 2022, the Open Source Security Foundation (OpenSSF) set its sights on fixing security problems with the open software supply chain, joining forces with companies including Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch.

2022 was a heck of a year for open source security troubles, but at the same time, the Open Source Security Foundation (OpenSSF) did its best to help secure vital programming infrastructure. 

In 2021, not 2022, things went awry in a big way for open source software security. I am, of course, referring to the Log4j vulnerability. It’s been over a year, and it’s still hanging around. This, in turn, woke people outside the developer and security worlds to the dangers to the software supply chain. I’d predicted that open source and Linux developers would take security much more seriously in 2022. It looks like I was right.

To meet these security needs, OpenSSF and numerous other developer players, including Apache, Google, Apple, and AWS, met at the White House with the US government’s executive branch. As White House National Security Advisor Jake Sullivan said when he called for the meeting, it was a “national security concern” that volunteers maintained foundational open source software.

Well. Yes, we, the open source community, knew that. Of course, it’s not like the proprietary software development companies have covered themselves with glory.