
Snyk joins OpenSSF: Tackling open source supply chain security with a developer-first approach

Written by:

October 19, 2021


I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.

It’s no secret that today, the vast majority of applications are built using open source. While open source enables developers to be agile and maintain a rapid pace of development — both crucial requirements for businesses to remain competitive — this growing reliance also introduces security risk. More and more, software supply chain attacks leverage open source, exploiting vulnerabilities in open source packages and distributing malicious code through them. The recent U.S. Executive Order highlights this specific risk as part of explaining the need for the wider cybersecurity initiative.

Given the open and communal nature of open source, there is a clear need to work together to mitigate this risk. There is no central authority responsible for ensuring the quality, maintenance, and security of open source, so collaborative projects such as OpenSSF will help formulate standardized, consistent, and common secure development practices.

We also believe that the successful implementation of these practices has to start with the developers themselves. Developers are the ones deciding how to build their applications and ultimately, are also responsible for the integrity, quality, and security of their code.

Snyk's solutions have always been used by open source developers to build securely. Snyk Open Source gives them visibility into the open source components they are using and helps them find and fix the vulnerabilities those components introduce. Snyk Advisor helps them research open source components before including them in projects. More recently, Snyk Learn provides interactive security education, enabling them to learn about vulnerabilities, including how to find and exploit them.

Our goal in joining OpenSSF is to work with the community to formulate a powerful and standardized approach to secure open source at scale, supporting both open source maintainers and individual contributors alike, and leveraging the Snyk technology to help this cause wherever it can be helpful.

I’m excited to be part of OpenSSF and look forward to working together with the Linux Foundation and the OpenSSF partners to secure the world’s open source software!
