Gore argues that Open Source software is built collaboratively. It doesn’t have a single ‘owner’ or a vendor; the community as a whole is the owner. This means that when it comes to security there is no ‘throat to choke’. No one owns SSL flaws, no one owns Heartbleed. Where does the buck stop? The Linux Foundation has been working on improving the security of open source projects, whether it hosts them or not. OpenSSF is an ambitious project in the direction of promoting the security of open-source software.
“I really see a massive explosion just waiting to happen in security benefits from that specific point of view where all the Linux Foundation projects can institutionalize security learnings, patterns, behaviors and operate in ways which were only available to large corporations,” said Gore.
Here are some of the topics that we covered:
Q: What is OpenSSF?
Q: What is the significance and importance of the foundation?
Q: How will it have an impact across the Linux Foundation?
Q: Should security be part of the development pipeline rather than an afterthought?
Q: What value is Polyverse bringing to the OpenSSF?