The Linux Foundation and the Open Source Security Foundation (OpenSSF) have launched the Open Source Software Security Mobilisation Plan following the attacks on the software supply chain.
Indeed, due to several cyber-attacks targetting supply chain and open source software more and more, it is vital that better security is put into place. The Open Source Software Security Mobilisation Plan will then help to ensure that supply chains are secured enough, improve vulnerability discovery and remediation, and shorten ecosystem patching response time.
The plan also shows the need for strategic investments to achieve a resilient software supply chain ecosystem. For this to be possible, it is necessary to have secure development education and certification, have an objective, metrics-based risk assessment dashboard for the top 10,000 OSS components, as well as implement digital signatures of software releases.
The Open Source Software Security Mobilisation Plan then aims to secure the software supply chain as much as possible, considering the recent threats and attacks.