Wipro Limited has joined the governing board of the Open Source Security Foundation (OpenSSF) to help combat the growing danger to the software supply chain.
The OpenSSF is a cross-industry organisation based at the Linux Foundation that brings together the world’s most important open source security initiatives to help identify and fix security vulnerabilities in open source software, as well as develop better tooling, training, research, best practices, and vulnerability disclosure practices.
Wipro’s open source experts will join other members in setting direction through the foundation’s governance and working committees, and in developing and sharing best practices for safe coding and software components for the projects under the OpenSSF umbrella.
Wipro Ltd was trading at Rs597.50 a piece at around 9.22 a.m. on the BSE, up Rs9.85 or 1.68 percent from its previous close of Rs587.65 per piece.
“We are thrilled to now count Wipro as a key strategic partner in the OpenSSF community,” said Brian Behlendorf, General Manager, OpenSSF.
“With their massive global technology team building open source software, and their reach across so many critical sectors, they will be tremendously helpful in driving adoption for the specifications, systems, software and content coming from the OpenSSF. In fact, they are already participating!”
“We’re excited to be a member of this important industry initiative and to work with our peers to help ensure the integrity of the global software supply chain,” said Andrew Aitken, Global Open Source Leader, Wipro Limited.
“With Board representation from our CTO, Subha Tatavarti, and subject matter experts engaged in all working groups and projects, Wipro is fully committed to helping the industry develop better methods, processes and tools to identify and remediate vulnerabilities. In addition, our goal is to improve and share secure coding best practices with the community to address the growing threat to our software supply chain.”
Wipro’s open-source and cybersecurity professionals are now contributing to OpenSSF’s six core working groups and projects, collaborating with community members to develop use cases and gain experience-based insights to broaden the scope of future services. Among them are the following:
- The Sigstore project (which includes the Cosign, Rekor, and Fulcio subprojects) extends current code signing capabilities to enable a wider range of pipeline tools and standardises the automation of code signature validation. Wipro’s contribution is to Cosign, where we’re building automation scripts for use with popular CI/CD pipeline tooling to verify code signing of Docker containers, Helm Charts, Tekton Bundles, and others, to ensure no tampering or updates were made after creation; and to Rekor, where we’ll provide documentation on how to use the Rekor APIs for retrieving log data to provide appropriate metrics that will help make decisions on the trust, acceptance, and validity of the signature.
- The SLSA project is developing a security framework, a checklist of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in projects. Wipro is identifying and testing procedures and tools to automate software supply chain security requirements and encourage the framework’s adoption in the industry. Wipro is also involved in similar external efforts such as OpenChain (an ISO standard for open source licence compliance) and SPDX (Software Package Data Exchange, an ISO standard for communicating SBOM information). Wipro’s involvement in these projects, together with its expertise working with businesses in a variety of industries and regions, provides essential input to OpenSSF working groups, particularly in the areas of Best Practices and Vulnerability Disclosures.