Minder applies policies to eliminate risk across the software development lifecycle
The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software, has welcomed Minder as its newest sandbox project within the Security Tooling Working Group. Minder makes it easier for an organization to consistently adopt security tooling, including other OpenSSF projects, and enforce a policy-based approach to open source software security.
Also Read: A Comprehensive Guide to DDoS Protection Strategies for Modern Enterprises
Minder brings developers and security teams together to discover and eliminate risk before code is merged, using best practices from the OpenSSF Scorecard, Sigstore and similar projects. Minder integrates these projects for organizations that want a platform to manage open source security; it automates the application and enforcement of policies across groups of repositories, cryptographically signs software artifacts and more. The outcome is more control and consistency, but also more speed enabled by clear boundaries and automation.
“Open source software is a wellspring of innovation. There are some incredible projects already housed in the OpenSSF that drive tremendous value, but require expertise to operationalize,” said Craig McLuckie, CEO and co-founder of Stacklok. “Minder addresses this gap by making it easier to use these tools and centralizing control of policy across the software development lifecycle. We’re eager to work even more closely with the OpenSSF to make open source software safer and more sustainable to consume.”
“We believe organizations that adopt a policy-based approach to security are best positioned to stay steps ahead of threat actors,” said Bob Callaway, Head of Google’s Open Source Security Team and OpenSSF Technical Advisory Council Member. “To that end, Minder brings a complementary set of capabilities to the OpenSSF Security Tools Working Group.”
Also Read: Protecting APIs at the Edge
As a sandbox project, Minder will now benefit from OpenSSF governance models and resources. The Security Tools Working Group will provide guidance on how to grow and improve the project, and engage a wider set of maintainers and contributors.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
