NCC Group’s Jennifer Fernick elected to Governing Board of Open Source Security Foundation

Jennifer Fernick, Senior Vice President (SVP) & Global Head of Research at NCC Group, was recently elected as the General Member Representative on the Governing Board of the Open Source Security Foundation (openssf.org), an organization which she and a group of colleagues from across the tech industry and the security community founded in 2020.

In this role, Jennifer joins senior technical executives from major technology companies including AWS, Cisco, Dell, GitHub, Google, Facebook, IBM, Intel, Microsoft, Oracle, Red Hat, VMWare, and more to help lead an industry-wide effort to help secure the open source ecosystem.

Following her election, Jennifer said: “Scalable improvements to the core infrastructure of the internet through dedicated investment in the security of the open source ecosystem is one of the most high-impact ways to strengthen the security, privacy, and resilience of our increasingly interconnected world.

Earlier this month, Jennifer was an invited Keynote Speaker at the Linux Foundation Member Summit, where she made a case for why coordinated efforts to secure the open source ecosystem are urgently needed to strengthen software supply chain security. She and her co-speaker, David Wheeler of the Linux Foundation, also highlighted progress made since OpenSSF's founding in August 2020.

Last month at KubeCon, the Open Source Security Foundation’s new General Manager, Brian Behlendorf, announced a $10 million dollar investment to “identify and fix cybersecurity vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices.”

Consultants and researchers from across NCC Group are invited to make contributions to OpenSSF’s efforts to improve open source security - and supported in this pursuit with dedicated, paid research time - as a part of NCC Group’s research working group focusing on Reducing Vulnerabilities at Scale, which seeks to explore new ways for detecting, remediating, and even preventing security vulnerabilities at massive scale.