Microsoft and Google commit $5 million in continued funding for Alpha-Omega
VANCOUVER, BC, May 10, 2023 – The Open Source Security Foundation (OpenSSF), a cross-industry organization hosted at the Linux Foundation that brings together the world’s most important software supply chain security initiatives, welcomes four new members from leading technology firms. New OpenSSF general members include Hitachi, Lockheed Martin, Salesforce, and SAP. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source communities in maintaining a healthy, vibrant, and secure open source ecosystem.
The OpenSSF also welcomes new General Manager, Omkhar Arasaratnam, veteran cybersecurity and technical risk management executive. Omkhar has more than 25 years of experience leading global organizations. “It’s an honor to help the Open Source community to build software that’s secure by construction,” said Omkhar Arasaratnam. “The OpenSSF has accomplished great things over the last couple of years under Brian’s leadership. In my new role as General Manager of the OpenSSF, I look forward to continuing our mission for a more secure future for everyone, in partnership with our OpenSSF members.”
Omkhar began his career as a strong supporter of Open Source Software (OSS) as a PPC64 maintainer for Gentoo and contributor to the Linux kernel, and that enthusiasm for OSS continues today. Prior to joining the OpenSSF, he led security organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, he has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. Omkhar is also a member of the NYU Cyber Fellow Advisory Council and a Senior Fellow with the NYU Center for Cybersecurity.
Brian Behlendorf has been named as the new OpenSSF Chief Technical Officer (CTO). “I am thrilled to welcome Omkhar to the OpenSSF and to be passing the baton of GM to him. Assuming the role of CTO, I am looking forward to focusing more than I could before, and every day, on the deeper technical, community, and related policy challenges facing us in securing the software supply chain,” he said.
OpenSSF’s Alpha-Omega Project recently received a commitment of $5 million in continued funding, with a USD $2.5 million contribution from Microsoft and another USD $2.5 million from Google. The Alpha-Omega mission is to protect society by improving the security of open source software through direct maintainer engagement and expert analysis, trying to build a world where critical open source projects are secure and that security vulnerabilities are found and fixed quickly.
Today, the OpenSSF hosts OpenSSF Day North America at the Open Source Summit North America in Vancouver. OpenSSF Day is an exciting opportunity to learn more about ongoing efforts to secure the open source software ecosystem. Highlights on the agenda include a number of sessions around the state of open source software security, including a keynote fireside chat about how government and the open source community can work together. Panels will explore what’s new in the world of Software Bills of Materials (SBOMs), Alpha-Omega, and DEI for creative, inclusive and sustainable cybersecurity. Other sessions feature talks on DevOps, Sigstore, SLSA, security audits, fuzzing, and more. Both in-person and virtual registration is available.
The OpenSSF is also conducting a survey to understand how the community perceives OpenSSF initiatives like Sigstore, Alpha-Omega, Best Practices Badge, Scorecard, and SLSA. Responses will be used to help evaluate awareness and perception of the OpenSSF, its projects, and identify areas for improvement. Take the OpenSSF Software Security Awareness Survey today.
General Member Quotes
“We think the importance of OSS security is increasing because a lot of our customers leverage OSS for mission-critical systems that support social infrastructure like financial systems or government systems. We are happy to enhance OSS security through the OpenSSF ecosystem, and we would like to help achieve OSS security that meets the mission-critical requirements. Furthermore, we would like to collaborate, not only with the OSS community, but also with the security community to have an active discussion on OSS security in Japan.”
- Yuichi Nakamura, Director, Hitachi, Ltd.“Today’s missions operate on timelines of days and weeks, not months and years. The threats our customers face require us to deliver innovation at scale, and with greater agility than ever before, to address their toughest challenges. Lockheed Martin’s contribution to open-source projects and open-source communities is essential to our ability to produce more secure software solutions to our customers. Our collaboration with the Open Source Security Foundation (OpenSSF) is a testament to our commitment to ensure the security of our customers’ systems as we deliver software at the speed of relevance and engineer a better tomorrow.”
- Alan Hohn, Director of External Outreach and Software Strategy, Lockheed Martin Corporate Engineering“SAP is among the top 10 commercial contributors to open source communities as listed on the Open Source Contributor Index. Secure consumption of open source software is naturally essential to SAP’s position as a responsible vendor of enterprise software solutions. We look forward to being an active member of OpenSSF and helping the enterprise software community including our customers benefit from secure and trustworthy open source components.”
- Tim McKnight, Chief Security Officer, SAPAdditional Resources
The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.
Media Contact
Jennifer Bly, OpenSSF