The Open Source Security Foundation, also known as OpenSSF, is a collaboration which is backed by Microsoft, Google, GitHub, NCC Group, OWASP Foundation and more. 

This foundation is associated with the Linux Foundation which works to drive innovation through open source projects. 

As open source software has become more widely used, there has been a need to ensure that it is secure when faced with potential threats. The idea of OpenSFF is to improve security through beginning together with tech leaders, online communities, and creating best practices. 

Open SFF Values 

There are eight core values that are followed as part of OpenSFF, these are: 

  1. Public good

  2. Openness/transparency

  3. Maintainers first

  4. Diversity, inclusion and representation

  5. Agile and delivery

  6. Credit where credit is due 

  7. Neutrality

  8. Empathy


Maintaining Public Good

This core value is to make sure that the security of open source is upheld as a public good for all in the community.   

Keeping open source transparent

The work of the OpenSFF is kept publicly available so that the all stakeholders are able to participate in the foundation

Putting maintainers first 

We have a lot to thank open source maintainers and developers for, and this value makes sure that they are given their due respect. 

Diversity, inclusion and representation

People from all walks of life, identities, and backgrounds are embraced to partake in the open source community. The more perspectives the better!

Agile and delivery 

In making open source more secure, leaning into experience and trying out new things is important to the foundation.

Giving credit 

As always, credit should be given where credit is due, that is why OpenSFF’s final value is to fairly acknowledge the contributions of individuals.

If you would like to find out more about the Open Source Security Foundation and get involved, visit their website