AWS Open Source Security
Committed to raising standards for the broader community
At AWS, security is our top priority. We work hard to make AWS the best place for customers to build and run open source software in the cloud. We are committed to raising the bar for open source security by developing key security-related technologies in collaboration with the community and by contributing code, resources, and talent to open source software.
We actively participate in open source foundations, trade associations, standard bodies, and regulatory organizations, with a goal of improving software supply chain security to benefit our customers and improve security posture across the industry.
Security frameworks and tools as open source
We work upstream and release security frameworks and tools as open source to improve security posture across the industry.
We co-founded, alongside 17 partner organizations, the Open Cybersecurity Schema Framework (OCSF) project to make it easier for security professionals to ingest and correlate telemetry data from different sources. OCSF has gained recognition as the standard for seamless tool communication, enabling interoperability across the open source security community.
AWS uses Rust, a memory-safe language, as the language of choice for multiple services, including Amazon S3, Amazon Route 53, and Amazon EC2. We contribute dedicated security and software engineering expertise to help organizations like the Rust Foundation improve their security posture, which impacts all those who consume from them.
We participate in the Kubernetes Security Response Committee to improve long-term sustainability and advise on security best practices. We have committed cloud credits to the Cloud Native Computing Foundation to run the Kubernetes project, which helps provide the community with more testing and better tools, leading to fewer bugs in project releases.
We contribute to the OpenJDK project, including bug fixes that are hard to reproduce because they only occur when running at scale. Our commitment extends through Amazon Corretto, a no-cost, multiplatform, production-ready open source distribution of OpenJDK, which comes with long-term support including performance enhancements and security fixes.
Supporting the advancement of open source security communities
We provide financial support, engineering staffing, and software development resources, including coding and testing, to advance open source security communities.
Shared learnings
We share AWS learnings and practices on consuming open source securely that you can leverage in your organization.
Consider adopting Powertools for AWS Lambda (Python), a developer toolkit to implement serverless best practices and increase developer velocity.
Learn about our approach to the Apache Log4j (Log4Shell) vulnerability and our guidance to help customers respond.
Learn more about the security practices we use via the GitHub repository, such as the recent security audit completed by the OpenSearch team at AWS.
Featured AWS open source security projects
Some of the most popular open source developer tools, platforms, databases, and services on AWS are based on leading open source projects. Amazon-led projects of note include:
Snapchange
Snapchange started as an experiment by the Find and Fix (F2) open source security research team to explore the potential of using KVM in enabling snapshot fuzzing. It’s one of a number of tools and techniques used by the F2 team in its research efforts to enable a secure and trustworthy open source supply chain for AWS and its customers.
Cedar
Define permissions as easy-to-understand policies with Cedar, an open source language for access control built by using automated reasoning and differential testing.
Bottlerocket
AWS launched Bottlerocket, a Rust language-oriented Linux for containers, and the Amazon EC2 team uses Rust as the language of choice for new AWS Nitro System components.
Kani Rust Verifier Project
This is an open source project maintained by AWS that helps the verification of unsafe code blocks in Rust that may contain memory safety issues, leading to security concerns.
Firecracker
Written in Rust, Firecracker provides the open source virtualization technology that powers AWS Lambda and other serverless offerings.
