“Microsoft loves Linux” is the thing representatives of the Redmond-based software giant say on just about every occasion, and truth be told, the company is investing very aggressively in everything that is in any way related to the open-source world.
And today, the Redmond-based firm is making another similar move, as it is joining a series of other companies for the creation of a new collaboration hosted at the Linux Foundation and called the Open Source Security Foundation, or OpenSSF.
As its name suggests, the whole idea of this large collaboration is to improve security in the open-source software space, and Microsoft is willing to work with other tech giants in this regard.
Already committed to open-source security
The rest of the partners include Google, Red Hat, IBM, Microsoft-owned GitHub, NCC Group, and OWASP Foundation.
“Open-source software is inherently community-driven and as such, there is no central authority responsible for quality and maintenance. Because source code can be copied and cloned, versioning and dependencies are particularly complex. Open-source software is also vulnerable to attacks against the very nature of the community, such as attackers becoming maintainers of projects and introducing malware. Given the complexity and communal nature of open source software, building better security must also be a community-driven process,” Microsoft explains.
Microsoft says it is moving some of its previous investments in the open-source security world to OpenSSF, including resources to help identify security threats to open source projects, security tooling, best practices, and vulnerability disclosure.
Microsoft says that its vulnerability disclosure system is meant to help developers fix vulnerabilities in their open-source software “in minutes, not in months,” something that could eventually provide users with increased security too.
More information about the new collaboration of all the aforementioned tech giants is available on the official OpenSSF page.