Hacks like the one of Yahoo! Years ago is something I mention because it was the one that made me understand that you had to create strong passwords and not reuse them, or others like the most recent on Twitter are large-scale examples that show that everything that can be done for security is little and that is why large companies have started this project called Open Source Security Foundation (OpenSSF).
The first thing we have to say about OpenSSF is that it is a collective and that companies such as Google, Intel, Microsoft, IBM and The Linux Foundation participate in it, and that is that open source software is gaining ground over time, up to the point of which 69% of professionals believe that this type of software is important or very important.
What will OpenSSF efforts focus on?
OpenSSF will have a lot of work since hackers never rest but we could say that this project will sit down to fight them and some characteristics of this project would be:
▸Disclosure of vulnerabilities, with the aim of accelerating the time required to correct a vulnerability and implement the solution.
▸Security tools, with the aim of improving existing security tools and developing new ones.
▸Identification of security threats, focusing on creating key metrics to better assess the security of each open source project in regards to security.
▸Promote better security practices, in general.
▸Perform Audit work and increase the security of critical open source projects.
▸Creating tools to verify the identity of developers.
And I think this is a relief for everyone because it was about time someone took the security issue seriously, in time we will see that this project succeeds and we can say that hopefully great progress will be made to combat people dedicated to cybercrime.
