Modern application stacks rely on open source software (OSS), making it a permanent part of the IT landscape. This makes OSS security vital for enterprises. While overall OSS security is sound, the communities that work on them vary. This makes it difficult for developers to choose the right security software or libraries using objective criteria.

Open Source Security Foundation (OpenSSF), a cross-industry forum whose effort is backed by Linux Foundation, was founded to meet the calls for better OSS security. This report offers an analysis intended to support this effort. It is also a complete copy that Linux Foundation and Snyk prepared for testimony at the U.S. House Committee on Science and Technology.

Key topics:

• OSS security perspectives from Linux Foundation
• How organizations are addressing and prioritizing their cybersecurity needs
• The IT industry takes a more active role in improving OSS security and sustainability
• Key conclusions and recommendations