What we learned from building an industry coalition

Securing the open source supply chain is critically important for developer communities and the entire software ecosystem. In recent years, the industry has seen an uptick in the adoption of open source components spurring new technology. However, this increase in adoption also increases the open source supply chain’s susceptibility to threats such as the backdoor attempts we have seen in package managers or massive credential harvesting.

In November 2019, GitHub announced the Open Source Security Coalition (OSSC) to bring together organizations committed to open source security and secure software development globally. The coalition sought to provide a space for collaboration on existing initiatives while encouraging the generation of new efforts.

After its announcement, GitHub served as a neutral convener to grow and drive the coalition toward fulfilling its mission.

Here’s what we learned.

Understanding your audience and its needs is key.

Before officially kicking off, we surveyed partners' motivations for joining the coalition. Open source security researchers faced many challenges in their work, including a lack of resources, a lack of user adoption and community engagement that stalled projects, and insufficient communication among organizations, which created siloed and competing initiatives.

Through our initial research efforts and discussions, we originally identified nine potential work streams. However, after additional feedback, we landed on four key areas for the coalition:

  1. Identifying threats to open source projects
  2. Best practices for open source developers
  3. Security tooling
  4. Vulnerability disclosures

Security researchers are eager to come together to help secure open source software

As the coalition's original 14 partners grew to 21, we learned that these partners viewed the coalition as a newly established forum that could play a key role in contributing to the overall health and security of the internet. Among many benefits, partners viewed the coalition as a space to pool resources so that tooling and expertise were shared more evenly, to coordinate on building scalable infrastructure, to break down silos, and to decrease duplication of industry efforts.
