“Tech companies pledged an initial $30 million to fund the 10-point Open Source Software Security Mobilization Plan they developed with White House officials and released Thursday. The plan comes in response to vulnerabilities and weaknesses in widely deployed open source software — which makes up 70% to 90% of software stacks — that threaten the security of federal agencies, infrastructure providers, businesses and nonprofits.
‘It requires a cohesive effort because there’s not one root cause or one root approach that’s going to address them all,’ said Brian Behlendorf, general manager of the Linux Foundation’s Open Source Security Foundation (OpenSSF), on a press call Thursday. ‘Industry recognizes that; I think the public sector partners recognize that as well.’…”
“OpenSSF brought together more than 90 executives from 37 companies and officials from the National Security Council, Office of the National Cyber Director, Cybersecurity and Infrastructure Security Agency, National Institute of Standards and Technology, Department of Energy, and Office of Management and Budget for its second summit to finalize the plan. The National Security Council led the first summit in January…” Read the full article here.
Source: Tech companies put initial $30M toward securing open source software supply chain – By Dave Nyczepir, May 13, 2022. FedScoop.