OpenSSF: a project focused on improving the security of open source software

The Linux Foundation has announced the formation of a new project called "OpenSSF" (Open Source Security Foundation), whose main goal is to bring together the work of industry leaders in software development in order to improve security.

Through it, OpenSSF will continue to develop initiatives such as the Core Infrastructure Initiative and the Open Source Security Coalition, and will bring together other security-related work carried out by the companies that have joined the project.

The founding members of OpenSSF include GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, and Red Hat.

For their part, GitLab, HackerOne, Intel, Uber, VMware, ElevenPaths, Okta, Purdue, SAFECode, StackHawk, and Trail of Bits have joined as participants.

OpenSSF is a cross-industry collaboration that brings leaders together to improve the security of open source software by building a broader community, targeted initiatives, and best practices.

The reason for creating this project comes from the reality of the modern world, in which open source software is in high demand in many areas of the industry but, because of the way it is developed, its reliability depends on chains of dependencies and on the participants in development.

OpenSSF is an industry collaboration that brings leaders together to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices.

Therefore, to ensure the security of open source projects, it is important to review not only the main code but also its dependencies, as well as to identify the developers whose code is accepted into the project and to ensure the quality of the review and commit process.

In addition, security requires the use of verified build systems and build verification.

Open source software has become pervasive in data centers, consumer devices, and services, which reflects its value to technologists and businesses alike.

Because of its development process, open source that ultimately reaches end users has a chain of contributors and dependencies. It is important that those responsible for the security of their users or organization are able to understand and verify the security of this dependency chain.

The OpenSSF project will focus on areas such as coordinated vulnerability disclosure and patch distribution, developing security tools, publishing best practices for organizing secure development, identifying threats related to open source software, auditing and strengthening the security of critical open source projects, and creating tools to verify the identity of developers.

Among the threats created by not knowing who the developers are: the possibility that an attacker obtains maintainer rights in order to make malicious changes, the registration of accounts to review one's own code, and misrepresentation of participation by impersonating other people or claiming to work for other companies.

Jim Zemlin, executive director of the Linux Foundation, said: "We believe open source is a public good, and across every industry we have a responsibility to come together to improve and support the security of the open source software we all depend on."

For example, identity-verification problems include the incident with the dependency on the event-stream library after its maintenance was handed over to an unvetted person whom the former maintainer contacted by email, or the numerous cases involving ad blockers and third-party browser add-ons.

Finally, if you want to learn more, you can check the details in the original Linux Foundation publication at the following link.

Or you can visit the OpenSSF website at the following link.

