Here’s the good news. According to the Open Source Security Foundation (OpenSSF), it will cost less than $150 million to secure open source software. More good news, industry giants Amazon, Intel, Google, and Microsoft have already pledged $30 million. Just $120 million to go toward a secure open source future, right?
Well, no, because the bad news is that no generalized approach to open source security is going to work. OpenSSF has a fantastic 10-point plan to foster a multifaceted approach to security. This approach has a better chance of succeeding than the more piecemeal approaches of the past, argued Brian Behlendorf, general manager of the OpenSSF, on a recent press call, because “there’s not one root cause or one root approach that’s going to address them all.”