Why Socket Joined the Open Source Security Foundation
Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization working on the most important open source security initiatives.
Feross Aboukhadijeh
December 5, 2022
Socket helps developers ship faster and spend less time on security busywork by helping them safely find, audit, and manage open source software at scale. The Socket platform enables security and developer teams to work together to securely use and maintain OSS within the organization.
Open source has won. But security has often been an afterthought. That’s why we are thrilled to share that Socket is joining the Open Source Security Foundation (OpenSSF), the cross-industry organization bringing together the most important open source security initiatives and the individuals and companies that support them.
Feross Aboukhadijeh, CEO, Socket
As maintainers of open source packages that are installed over 1 billion times per month, the Socket team is intimately familiar with the massive growth in open source dependency usage. Modern applications use thousands of dependencies written by hundreds of maintainers, and installing even one package pulls in dozens of transitive dependencies along with it.
Unfortunately, it is far too easy for a bad actor to infiltrate the software supply chain and wreak havoc. That’s why Socket is proud to join OpenSSF and do our part to make open source safe for everyone with our industry-leading approach to software composition analysis, which is already used by thousands of companies to detect and prevent supply chain attacks.
The Socket team is excited to work with other OpenSSF member companies to safeguard the open source ecosystem for everyone.
“A growing community of organizations, developers, researchers, and security professionals are investing the time and resources needed to strengthen open source security,” said Jamie Thomas, OpenSSF Board Chair and IBM Enterprise Security Executive. “New members of OpenSSF are joining at a time when cross-industry collaboration and innovation are needed more than ever to proactively respond to pervasive cybersecurity threats.”
This is just the start of our work to secure the open source supply chain for everyone. We are excited to collaborate with all OpenSSF members to make software supply chains more secure for everyone.