Linux Foundation Adopts Website Security and Encryption Platform

The Linux Foundation is moving to place open source at the fore of web security by taking the Internet Security Research Group under its wing, along with Let’s Encrypt, the group’s open certificate authority platform. Akamai, Cisco Systems (CSCO), Electronic Frontier Foundation, Mozilla and other organizations are joining in the effort.

The Internet Security Research Group has operated independently since its founding in 2014, with Josh Aas of Mozilla serving as its executive director, and representatives of several other major open source organizations on its board. The Linux Foundation’s agreement to take over hosting the project will give the initiative a new credential within the open source community, however.

At the same time, the move makes it easier for the Linux Foundation to take an active role in promoting open source Web security through the Let’s Encrypt platform, which provides a free resource for website maintainers to create SSL certificates to encrypt their sites.

In that way, the agreement complements the Linux Foundation’s launch about a year ago of the Core Infrastructure Initiative. One of the first goals of that project was to beef up the security of OpenSSL, the open source Web encryption platform whose exploitation made possible the Heartbleed bug in 2014.

For advocates of open source security, then, this is welcome news. But you don’t have to love open source to appreciate this agreement. Anyone with a website can benefit, since Let’s Encrypt provides a free and simple way to add SSL security to a site—now with the backing of the Linux Foundation.