Linux Foundation rolls bunch of overlapping groups into one to tackle growing number of open-source security vulns

The Linux Foundation has formed the Open Source Security Foundation (OpenSSF) with founding board members representing companies including IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat. The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends to bring the Open Source …

  1. Robert Carnegie Silver badge

    Since there are people whose day job is to write the exploit for the latest vulnerability... other people who want to prevent that also need to take the job seriously.

  2. sitta_europea

    "IBM, GitHub, Google, JPMorgan Chase, Microsoft, NCC Group, and Red Hat"

    What's one thing this lot have in common?

    No points for "a great track record in security".

    1. jake Silver badge

      But ...

      ... Shirley they do all have a great track record in security!

      For negative values of great. I for one wouldn't trust any of 'em to secure my granddaughter's piggy bank.

      1. Anonymous Coward

        Re: But ...

        Here's Jake to tell us aaaall about what he'd do

        1. jake Silver badge

          Re: But ...

          Only in your tiny little mind, AC.

    2. RM Myers

      And who, pray tell, does have a great record in security?

      If you have written millions of lines of code for other people, and it runs on systems accessible from the internet, you're going to have security issues. Especially considering how much code was derived from older code that was created when security was a much smaller concern.

      1. jake Silver badge

        Re: And who, pray tell, does have a great record in security?

        Code which comes from companies which are run by marketing has a distinctly worse security track record than code that comes from pretty much everywhere else. All of the outfits listed are run by marketing.

        Wait ... are you actually suggesting that current code derived from old code has holes, but it's OK, because security was less stringent when the old code was written?

        1. RM Myers

          Re: And who, pray tell, does have a great record in security?

          No, I'm not saying it is okay. I'm just saying that is one of the reasons legacy code tends to have more security issues, and much current code is legacy or derived from legacy code.

  3. This post has been deleted by its author

  4. IGotOut Silver badge

    So....

    ...does it mean they are going to help unpaid devs support projects by giving them cash?

    Or just come together to bitch and point out the flaws?

    1. jake Silver badge

      Re: So....

      Just come together and bitch, delaying projects that benefit the end-user for as long as possible, while rubber-stamping projects that benefit marketing would be my guess.

  5. poohbear

    Just wondering ... are Chinese companies allowed to join?


Biting the hand that feeds IT © 1998–2022