AWS Open Source Security
Committed to raising standards for the broader community
At AWS, security is our top priority. We work hard to make AWS the best place for customers to build and run open source software in the cloud. We are committed to raising the bar for open source security by developing key security-related technologies in collaboration with the community and by contributing code, resources, and talent to open source software.
We actively participate in open source foundations, trade associations, standards bodies, and regulatory organizations, with the goal of improving software supply chain security to benefit our customers and improve security posture across the industry.
Security frameworks and tools as open source
We work upstream and release security frameworks and tools as open source to improve security posture across the industry.
We co-founded, alongside 17 partner organizations, the Open Cybersecurity Schema Framework (OCSF) project to make it easier for security professionals to ingest and correlate telemetry data from different sources. OCSF has gained recognition as the standard for seamless tool communication, enabling interoperability across the open source security community.
AWS uses Rust, a memory-safe language, as the language of choice for multiple services, including Amazon S3, Amazon Route 53, and Amazon EC2. We contribute dedicated security and software engineering expertise to help organizations like the Rust Foundation improve their security posture, which in turn affects everyone who consumes software from them.
We participate in the Kubernetes Security Response Committee to improve long-term sustainability and advise on security best practices. We have committed cloud credits to the Cloud Native Computing Foundation to run the Kubernetes project, which helps provide the community with more testing and better tools, leading to fewer bugs in project releases.
We contribute to the OpenJDK project, including bug fixes that are hard to reproduce because they only occur when running at scale. Our commitment extends through Amazon Corretto, a no-cost, multiplatform, production-ready open source distribution of OpenJDK, which comes with long-term support including performance enhancements and security fixes.
Supporting the advancement of open source security communities
We provide financial support, engineering staffing, and software development resources, including coding and testing, to advance open source security communities.
We share AWS learnings and practices on consuming open source securely that you can leverage in your organization.
Consider adopting Powertools for AWS Lambda (Python), a developer toolkit to implement serverless best practices and increase developer velocity.
Featured AWS open source security projects
Some of the most popular open source developer tools, platforms, databases, and services on AWS are based on leading open source projects. Amazon-led projects of note include: