The Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects.

The Log4j vulnerability crisis that erupted in late-2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open source software security.

In a sign that the tech sector is stepping up efforts, the Linux Foundation and the Open Source Security Foundation (OpenSSF) have announced the Alpha-Omega Project. Backed by $5 million in initial funding from Microsoft and Google, the project seeks to improve software supply chain security for 10,000 open-source software projects by systematically looking for undiscovered vulnerabilities in open-source code and then working with project maintainers to get them fixed.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Markus Spiske on Unsplash