Microsoft on jo vuosia investoinnut open source -sovellusten tietoturvaan ja nyt olemme liittyneet mukaan perustamaan Open Source Security Foundationia (OpenSSF). Microsoft tulee olemaan aktiivinen erityisesti seuraavilla neljällä osa-alueella:
Identifying security threats to open source projects
Helping developers to better understand the security threats that exist in the open source software ecosystem and how those threats impact specific open source projects.
Security tooling
Providing the best security tools for open source developers, making them universally accessible and creating a space where members can collaborate to improve upon existing security tooling and develop new ones to suit the needs of the broader open source community.
Security best practices
Providing open source developers with best practice recommendations, and with an easy way to learn and apply them. Additionally, we have been focused on ensuring best practices will be widely distributed to open source developers and will leverage an effective learning platform to do so.
Vulnerability disclosure
Creating an open source software ecosystem where the time to fix a vulnerability and deploy that fix across the ecosystem is measured in minutes, not months.
Lue lisää Mark Russinovichin blogista ja tule mukaan https://openssf.org ja GitHubissa https://github.com/ossf.
Microsoft joins Open Source Security Foundation
https://cloudblogs.microsoft.com/opensource/2020/08/03/microsoft-joins-open-source-security-foundation/
