What is the Alpha-Omega Project? Its purpose is to “improve global open source software supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open-source code” and then fix them. This is vital to improving open-source security.
To make this happen, the Linux Foundation’s partner group of the Open Source Security Foundation (OpenSSF), Google, and Microsoft is joining forces to work with security experts and use automated security testing to improve open-source security. Microsoft and Google are bringing an initial investment of $5 million to the Alpha-Omega Project.
Software supply chain security has become essential. One major security problem after another — including the SolarWinds software supply chain attack, the Log4j vulnerability, and the npm bad code injection episode — can be traced back to software supply chain vulnerabilities.