The Linux Foundation has raised $10 million in new investments to expand and support its Open Source Security Foundation project. “This industrywide commitment is answering the call from the White House to raise the baseline for our collective cybersecurity well-being, as well as ‘paying it forward’ to open source communities to help them create secure software from which we all benefit,” Jim Zemlin, executive director at the Linux Foundation, said in a statement. “With the tremendous growth and pervasiveness of open source software, building cybersecurity practices and programs that scale is our biggest task at hand.”

The funding came from members of the foundation. The long lineup: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.

The Open Source Security Foundation, launched as a project of the Linux Foundation earlier this year, is a cross-industry collaboration that brings together multiple open-source software initiatives to identify and fix cybersecurity vulnerabilities in open-source software. OpenSSF also develops improved tooling, training, research, best practices and vulnerability disclosure practices.