A new initiative by the Open Source Security Foundation (OpenSSF) should improve the security of open source applications, German news site heise reports. The campaign, called the Alpha-Omega Project, is the result of negotiations at the White House between representatives of technology companies, US authorities and non-profit organisations. The initial funding of $5 mn. is being financed jointly by Google and Microsoft.
OpenSSF is organising the project in two parts – Alpha and Omega. In the Alpha section expert groups are analysing the security situation of the most-used open source applications to find and remedy vulnerabilities. This should train software operators and users in security awareness. In the Omega section a team of software developers is working on automated tests for over 10,000 distributed open source project to propose possible security measures to their user communities.
Open source projects and libraries are widely used in software development. The Log4Shell vulnerability in the widely-distributed Log4j Java library recently showed how critical an attack can be. Even after a month and a half it still remains unclear whether companies have survived the worst. Users and companies should therefore investigate their own systems for vulnerable instances of the Log4j library and install current patches.
More details of the Alpha-Omega Project can be found in the official announcement.