Capital One pledges to boost the open source software supply chain by becoming a flagship member of the Open Source Security Foundation (OpenSSF). The Linux Foundation is home to OpenSSF, a cross-industry group that aims to motivate and empower the community to secure the open source software that we all rely on through development, testing, fundraising, infrastructure, and support activities.
Capital One joins the OpenSSF Governing Board, which leads the organization and provides strategic direction. “We are happy to welcome Capital One to the Open Source Security Foundation,” says Brian Behlendorf, General Manager of OpenSSF. “As a highly regulated company that has invested in technology, Capital One has experience building the governance structure, modern architecture and collaborative culture that is critical for well-managed open source software delivery. By joining the OpenSSF, Capital One is demonstrating a serious commitment to secure open source software that benefits our entire ecosystem.”
As one of the country’s leading digital banks, Capital One relies heavily on technology to bring value to its more than 100 million customers. The business started transforming its technology over ten years ago, and in 2015 made an open source-first commitment. By committing to a collaborative software-building method within the open source community, Capital One is able to benefit from global developments and speed delivery thanks to a modern architecture in the cloud.
The OpenSSF released a 10-point strategy earlier this year at the Open Source Security Summit, which was held in May and was co-hosted by the White House. The plan feeds into ten different workstreams, such as figuring out how to speed up the process of patching open source software, creating new metrics to track code and components, urging businesses to abandon non-memory-safe programming languages that make it difficult to find and fix vulnerabilities, creating a framework for incident response teams that can be deployed across the open source community, and conducting annual third-party reviews of the top 200 most critical open source projects.
Recently, the OpenSSF held a Town Hall meeting specifically for people who maintain, contribute to, develop, and utilise open source software but haven’t yet taken the plunge and joined an OpenSSF Working Group or Project. There will be an OpenSSF Day EU on Tuesday, September 13 at the Open Source Summit Europe in Dublin, Ireland, as well as online.
Capital One joins the other OpenSSF premier members, which include 1Password, AWS, Atlassian, Cisco, Citi, Coinbase, Dell Technologies, Ericsson, Fidelity, GitHub, Google, Huawei, Intel, IBM, JFrog, JPMorgan Chase, Meta, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, Sonatype, VMware, and Wipro.