GitHub, Google, IBM, Red Hat, Microsoft, and VMware are just a few founding members of the Linux Foundation’s latest initiative that aims to smash open source software security bugs.
The new Open Source Security Foundation (OpenSSF) brings together open source security initiatives including the Linux Foundation’s Core Infrastructure Initiative (CII) and GitHub’s Open Source Security Coalition. The Linux Foundation founded CII in response to the 2014 Heartbleed bug. And the Open Source Security Coalition, founded by the GitHub Security Lab, is developing a unified format and API for vulnerability reporting to improve open source security.
OpenSSF’s founding governing board members include GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation, and Red Hat. Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber, and VMware.
[Figure: OpenSSF Governing Board Members]
“Open source has become mainstream in the enterprise. As such, the security of the open source supply-chain is of paramount importance to IBM and our clients,” said Christopher Ferris, IBM fellow and CTO of open technology at IBM, in a statement, echoing his earlier comments to SDxCentral about customers wanting open source software.
“They don’t want to be locked into any one vendor, they want interoperability and affordability, and the way to do that is through open technology,” he said. The Linux Foundation says any OpenSSF specifications and projects developed will be vendor agnostic.
IBM also last year co-founded the Open Cybersecurity Alliance, which aims to make security products interoperable using open source code, standards, and protocols.
In a blog about joining the new open source group, Microsoft Azure CTO Mark Russinovich said joining OpenSSF continues Microsoft’s work with GitHub’s Open Source Security Coalition, which makes sense considering Microsoft bought GitHub two years ago. Microsoft’s involvement with that group includes providing open-source developers with best practice recommendations and helping create an ecosystem that speeds up the time to fix software vulnerabilities.
Similarly, Google posted its own blog about OpenSSF. In that blog, Kim Lewandowski, a product security team member, and Dan Lorenc, an infrastructure security team member, discuss how Google’s own open source Tekton project works to make it easier to map vulnerabilities back to specific versions of code and then fix the code. “We’re excited to share some of these ideas with OpenSSF,” Lewandowski and Lorenc wrote.
In addition to its governing board, OpenSSF includes a Technical Advisory Council and separate oversight for each working group and project. The Linux Foundation says OpenSSF intends to host a variety of open source technical initiatives to support open source software security, and all of this will be done on GitHub.