Later this summer, we will unveil yet another new way to give CapEx to the Linux Foundation called the Software Security Project. The SSP is part of the Linux Foundation, alongside projects that often do the same exact thing like the CNCF and the OpenSSF.
While the OpenSSF focuses on securing the supply chain itself, the SSP will focus on creating training, content, standards, and tools that also do the same thing.
The SSP will also be helping important security projects and tools become financially sustainable, providing funding, operational support, and commercial support: something the LF doesn't do an adequate job of for its existing security projects that live under its other foundations.
We have a few exciting projects already being incubated and are working with a set of charter members to ensure that our governance, funding, and operational structure fits the needs of unnamed and unaccountable people not wanting to put in the effort with established community and industry organizations. How might an open source foundation that either doesn't exist yet or doesn't have governance have projects already? That's something for the lawyers to sort out.
We expect to be ready to launch in late summer with more details, after we've done a few more backroom deals.
In the meantime, come check out my startup that also just announced its first product with suspicious timing, and join us for a sponsored and ethically questionable free drink at Black Hat.