OCSF Simplifies Security Data Challenges and Creates Flexibility for Security Teams and Data Producers, Empowering Organizations to Effectively Mitigate Cyber Risks
NAPA, Calif., Nov. 19, 2024 – Linux Foundation Member Summit – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, welcomes the Open Cybersecurity Schema Framework (OCSF) to the Linux Foundation family of projects. This new partnership aims to drive the development and adoption of an open, extensible framework for cybersecurity data schemas. OCSF enables security teams and data producers to work seamlessly within a standardized framework to accelerate threat detection, response, and innovation.
Founded in 2022 with support from leading technology companies—including AWS, Cisco, IBM, Splunk, and derived from schema work done by Broadcom (Symantec)—OCSF provides a unified language to simplify and standardize how security data is managed, shared, and analyzed across diverse environments. The OCSF project has grown significantly into a thriving ecosystem with over 900 contributors and 200 participating organizations, including security-focused independent software vendors (ISVs), government agencies, educational institutions, and enterprises. With OCSF now under the Linux Foundation, contributors have greater access to develop and expand a framework that empowers data producers, engineers, and security teams to work together seamlessly to effectively address emerging cyber threats.
OCSF provides a unified language to simplify and standardize how security data is managed, shared, and analyzed.
“With cybersecurity incidents on the rise, the need for collaborative, open source solutions grows with each passing day,” said Executive Director of the Linux Foundation, Jim Zemlin. “We are pleased to bring the Open Cybersecurity Schema Framework into the Linux Foundation, marking a unique opportunity for the industry to converge on how security data is managed and used.”
Detection engineering, threat hunting, analytics development, and the rise of artificial intelligence are often hindered by the absence of a standard format and data model for cybersecurity logs and alerts. The OCSF framework comprises a set of data types, an attribute dictionary, and a taxonomy. Since its initial release of version 1.0.0 in September 2023, OCSF has undergone rapid evolution, demonstrating the community’s commitment to continuously enhancing the framework. The latest version, 1.3.0, released in August 2024, introduces new event classes for software inventory, remediation activities, and an OSINT profile for cyber threat intelligence enrichment, further solidifying OCSF’s role in standardizing cybersecurity data. Developed initially as a schema for cybersecurity events, the OCSF’s open standard can today be adopted in any environment, application, or solution.
For more information and to contribute, visit: https://ocsf.io/.
Supporting Quotes
AWS
“We believe that joining the Linux Foundation will strengthen OCSF’s role as a leading open security data schema and accelerate its adoption across the industry,” said Gee Rittenhouse, Vice President of Security Services, AWS. “With the Linux Foundation’s extensive resources and strong governance model, we aim to empower the security community to collaborate more effectively and drive innovation in addressing cyber risks.”
Broadcom
“Broadcom is proud to have contributed the Symantec ICD schema as the foundation for the OCSF project. We support OCSF in our own portfolio today, helping streamline Security Operations for organizations that leverage a wide range of telemetry sources in their investigations,” said Jason Rolleston, Vice President and General Manager, Enterprise Security Group, Broadcom. “Joining the Linux Foundation will greatly enhance the visibility of OCSF, increase innovation around the standard, and hasten its overall adoption.”
Cisco
“In my experience developing eBPF and Cilium, I’ve seen firsthand how open standards can drive innovation and efficiency. Adopting the Open Cybersecurity Schema Framework (OCSF) under the Linux Foundation will similarly enable organizations like Cisco to enhance real-time threat detection and response,” said Thomas Graf, Co-founder and Chief Technology Officer, Isovalent, now part of Cisco. “By reducing the friction associated with data normalization, we can focus more on proactive security strategies and delivering value to our customers.”
IBM
“OCSF and IBM share a passion for open-source innovation and a commitment to strengthening the cybersecurity community,” said Sridhar Muppidi, IBM Fellow, VP & CTO, IBM Security. “As AI and hybrid cloud transformation evolve, OCSF’s work is more crucial than ever. We’re excited to support its journey with the Linux Foundation and to continue shaping a secure, collaborative future together.”
Splunk
“We are proud to continue our support for the Open Cybersecurity Schema Framework (OCSF) as it joins The Linux Foundation’s family of projects,” said Paul Agbabian, Vice President of Security Technology Leadership, Splunk, a Cisco company. “In just two years, OCSF has grown from a small group of companies into a diverse coalition that includes industry leaders, customers, government agencies and educational institutions, all working together to address shared security challenges. With The Linux Foundation’s support and infrastructure, OCSF will be well-positioned to sustain and extend its impact, driving further innovation and interoperability in open-source cybersecurity.”
About the Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
Leave a Reply