Arduino Joins the Open Source Security Foundation
As part of Arduino’s mission to create user-friendly tech, security has always been a top priority. It’s not enough to make hardware, tools, and programs that people find intuitive and easy to use; it’s also important to make sure people feel safe.
As part of their continuing effort to keep Arduino products secure, on October 30, 2020, the team at Arduino announced they would be joining the Open Source Security Foundation (OpenSSF), a cross-industry collaborative initiative to secure open source projects.
The Work of the Open Source Security Foundation
The Open Source Security Foundation is hosted by the Linux Foundation. It brings together leaders across the tech community in order to improve the security of open source software. By creating a broader network under one umbrella, its mission is to accelerate security initiatives with support and shared best practices from across the industry.
The first two initiatives of the Open Source Security Foundation are the Core Infrastructure Initiative and the Open Source Security Coalition. The goal is to bring together experts from a variety of organizations and perspectives to determine which are the most significant security threats and then decide cooperatively how best to solve them, ultimately by building new and improved open source security technologies.
As open source becomes more ubiquitous, it’s more necessary than ever to build and maintain a critical infrastructure and determine standards and best practices to keep global technology secure. The Foundation was established on the recognition that security professionals and innovators need a forum to collaborate to develop methods that will secure the worldwide open source supply chain.
The Open Source Security Foundation is bringing together tech leaders from academia, private companies, and non-profits. Arduino is joining a roster of initial members that includes Google, Microsoft, GitHub, IBM, JPMorgan Chase, NCC Group, Red Hat, OWASP Foundation, and others.
At the outset, the Open Source Security Foundation is sponsoring multiple Working Groups. These include:
Vulnerability Disclosures: creating an open source software ecosystem where it’s more efficient to fix vulnerabilities.
Security Tooling: collaboratively developing the best security tools for open source developers and making them broadly accessible.
Identifying Security Threats to Open Source Projects: identifying a set of key metrics and building tools to communicate risks to stakeholders.
Security Best Practices: collaboratively defining standards and recommendations.
Securing Critical Projects: performing audits, improvements, and hands-on tactical security initiatives.
The Arduino Donation Program
Arduino’s participation in the Open Source Security Foundation is part of their Arduino Donation Program, a philanthropic effort to fund worthy projects that improve and enhance the global open-source community.
Arduino believes software should be kept free for all users, and the Arduino Donation Program helps make this possible. Currently, Arduino tools and libraries are available and used by millions of people around the world, including schools, workshops, private companies, and non-profits.
In addition to supporting the new Open Source Security Foundation, the Arduino Donation Program also empowers Arduino’s team of engineers and designers to develop new open source tools and features; fix bugs; and create documentation, libraries, and tutorials to support the open source community.
Get Involved and Support the Global Open-Source Community
Do you want to contribute your effort and/or support to securing open source technologies? Anyone can contribute to the Open Source Security Foundation or participate in one of the Working Groups or projects. (After all, this is open source!) You can find out more at https://openssf.org/getinvolved/.
You can also make a contribution to the Arduino Donation Program at https://www.arduino.cc/en/donate/.
And to learn more about the latest updates and initiatives from Arduino and Raspberry Pi, be sure to check back for more of our articles here on the Vilros blog!