๐ The Linux Foundation's "security mobilization plan"
๐ก Newskategorie: Linux Tipps
๐ Quelle: lwn.net
The Linux Foundation has posted an "Open Source Software Security Mobilization Plan" that aims to address a number of perceived security problems with the expenditure of nearly $140ย million over two years.
While there are considerable ongoing efforts to secure the OSS supply chain, to achieve acceptable levels of resilience and risk, a more comprehensive series of investments to shift security from a largely reactive exercise to a proactive approach is required. Our objective is to evolve the systems and processes used to ensure a higher degree of security assurance and trust in the OSS supply chain....This paper suggests a comprehensive portfolio of 10 initiatives which can start immediately to address three fundamental goals for hardening the software supply chain. Vulnerabilities and weaknesses in widely deployed software present systemic threats to the security and stability of modern society as government services, infrastructure providers, nonprofits and the vast majority of private businesses rely on software in order to function.