How much will it cost to secure open-source software? OpenSSF says $147.9M



In recent years multiple vulnerabilities in open-source software have been exploited, leaving organizations of all sizes at risk. Vulnerabilities in widely used components such as the open-source Log4j Java library have affected millions of users around the world. According to a 2021 study from Synopsys, 84% of all codebases contain at least one open-source vulnerability.

As open source is increasingly part of all software, it has also become a foundational element of the software supply chain. One year ago, the Biden administration issued an executive order to try to improve software supply chain security, which led to efforts to embrace a software bill of materials (SBOM) that helps to reveal what’s inside an application — which, more often than not, is open source.

Among the leading open-source organizations is the Linux Foundation and its Open Source Security Foundation (OpenSSF), which has a growing base of users. Today at the Open Source Software Security Summit II in Washington, D.C., OpenSSF announced an ambitious, multipronged plan with 10 key goals to better secure the entire open-source software ecosystem.

While open-source software itself is often freely available, securing it will have a price. OpenSSF has estimated that its plan will require $147....
