Intelligent CISO Issue 54 | Page 69

Capital One joins Open Source Security Foundation

Capital One joins the Open Source Security Foundation (OpenSSF) as a premier member affirming its commitment to strengthening the open-source software supply chain.
OpenSSF is a cross-industry organisation hosted at the Linux Foundation, designed to inspire and enable the community to secure the open-source software we all depend on, including development, testing, fundraising, infrastructure and support initiatives.
Capital One joins the OpenSSF Governing Board in charge of leading the organisation and providing strategic direction. “We are happy to welcome Capital One to the Open Source Security Foundation,” said Brian Behlendorf, General Manager of OpenSSF.
“As a highly regulated company that has invested in technology, Capital One has experience building the governance structure, modern architecture and collaborative culture that is critical for well-managed open-source software delivery. By joining the OpenSSF, Capital One is demonstrating a serious commitment to secure open-source software that benefits our entire ecosystem.”
As one of the nation’s leading digital banks, technology is central to Capital One’s business strategy and how value is delivered to more than 100 million customers. The company began a technology transformation over a decade ago, which included an open-source-first declaration in 2015.
A modern architecture in the cloud is allowing Capital One to take advantage of the world’s innovations and accelerate delivery by committing to a collaborative software-building approach among the open-source community.
“Today some of the most groundbreaking digital experiences created for customers are based on open-source software,” said Chris Nims, EVP of Cloud and Productivity Engineering at Capital One. “As a company that widely adopts this technology, Capital One is incredibly proud to join the OpenSSF and the world’s technology leaders as we collaborate to strengthen the software security supply chain.
“As a highly regulated company, we are seasoned in managing compliance and governance and advocate for standardisation, automation and collaboration. We look forward to working together to identify solutions that advance the OpenSSF mission and give back to the open-source community.”
Earlier this year, the OpenSSF unveiled a 10-point plan at the Open Source Security Summit hosted in conjunction with the White House in May. The plan feeds into 10 different workstreams, like finding ways to reduce patching response times for open source software, developing new metrics to track code and components, moving the industry away from non-memory-safe programming languages that make it difficult to find and fix vulnerabilities, establishing a framework for incident response teams that can be deployed across the open source community and conducting annual third-party reviews of the top 200 most critical open source security components.
More recently, the OpenSSF hosted a Town Hall especially for open-source software maintainers, contributors, software developers and open-source software users who know security is important, but haven’t made the leap to join an OpenSSF Working Group or Project yet.