As part of Arduino’s mission to create user-friendly tech, security has always been a top priority. It’s not enough to make hardware, tools, and programs that people find intuitive and easy to use; it’s also important to make sure people feel safe.
As part of their continuing effort to keep Arduino products secure, on October 30, 2020 the team at Arduino announced they would be joining the Open Source Security Foundation (OpenSSF), a cross-industry collaborative initiative to secure open source projects.
The Work of the Open Source Security Foundation
The Open Source Security Foundation is hosted by the Linux Foundation. It brings together leaders across the tech community in order to improve the security of open source software. By creating a broader network under one umbrella, its mission is to accelerate security initiatives with support and shared best practices from across the industry.
The first two initiatives of the Open Source Security Foundation are the Core Infrastructure Initiative and the Open Source Security Coalition. The goal is to bring together experts from a variety of organizations and perspectives to determine which are the most significant security threats and then decide cooperatively how best to solve them, ultimately by building new and improved open source security technologies.
As open source becomes more ubiquitous, it’s more necessary than ever to build and maintain a critical infrastructure and determine standards and best practices to keep global technology secure. The Foundation was established on the recognition that security professionals and innovators need a forum to collaborate to develop methods that will secure the worldwide open source supply chain.
The Open Source Security Foundation is bringing together tech leaders from academia, private companies, and non-profits. Arduino is joining a roster of initial members that includes Google, Microsoft, GitHub, IBM, JPMorgan Chase, NCC Group, Red Hat, OWASP Foundation, and others.
At the outset, the Open Source Security Foundation is sponsoring multiple Working Groups. These include:
Vulnerability Disclosures: creating an open source software ecosystem where it’s more efficient to fix vulnerabilities.
Security Tooling: collaboratively developing the best security tools for open source developers and making them broadly accessible.
Identifying Security Threats to Open Source Projects: identifying a set of key metrics and building tools to communicate risks to stakeholders.
Security Best Practices: collaboratively defining standards and recommendations.
Securing Critical Projects: performing audits, improvements, and hands-on tactical security initiatives.
The Arduino Donation Program
Arduino’s participation in the Open Source Security Foundation is part of their Arduino Donation Program, a philanthropic effort to fund worthy projects that improve and enhance the global open-source community.
Arduino believes software should be kept free for all users, and the Arduino Donation Program helps make this possible. Currently, Arduino tools and libraries are available and used by millions of people around the world, including schools, workshops, private companies, and non-profits.
In addition to supporting the new Open Source Security Foundation, the Arduino Donation Program also empowers Arduino’s team of engineers and designers to develop new open source tools and features; fix bugs; and create documentation, libraries, and tutorials to support the open source community.
Get Involved and Support the Global Open-Source Community
Do you want to contribute your effort and/or support to securing open source technologies? Anyone can contribute to the Open Source Security Foundation or participate in one of the Working Groups or projects. (After all, this is open source!) You can find out more at.
And to learn more about the latest updates and initiatives from Arduino and Raspberry Pi, be sure to check back for more of our articles here on the Vilros blog!