The Linux Foundation welcomed the
Open Cybersecurity Schema Framework (OCSF) to
the Linux Foundation family of projects. This new partnership aims to
drive the development and adoption of an open, extensible framework for
cybersecurity data schemas. OCSF enables security teams and data
producers to work seamlessly within a standardized framework to
accelerate threat detection, response, and innovation.
Founded in 2022 with support from leading technology
companies, including AWS, Cisco, IBM, and Splunk, and derived from schema
work done by Broadcom (Symantec), OCSF provides a unified language to
simplify and standardize how security data is managed, shared, and
analyzed across diverse environments. The OCSF project has grown
significantly into a thriving ecosystem with over 900 contributors and
200 participating organizations, including security-focused independent
software vendors (ISVs), government agencies, educational institutions,
and enterprises. With OCSF now under the Linux Foundation, contributors
have greater access to develop and expand a framework that empowers data
producers, engineers, and security teams to work together seamlessly to effectively address emerging cyber threats.
"With cybersecurity incidents on the rise, the need for
collaborative, open source solutions grows with each passing day," said
Executive Director of the Linux Foundation, Jim Zemlin. "We are pleased
to bring the Open Cybersecurity Schema Framework into the Linux
Foundation, marking a unique opportunity for the industry to converge on
how security data is managed and used."
Detection engineering, threat hunting, analytics development, and the
rise of artificial intelligence are often hindered by the absence of a
standard format and data model for cybersecurity logs and alerts. The
OCSF framework comprises a set of data types, an attribute dictionary,
and a taxonomy. Since its initial release of version 1.0.0 in September
2023, OCSF has undergone rapid evolution, demonstrating the community's
commitment to continuously enhancing the framework. The latest version,
1.3.0, released in August 2024, introduces new event classes for
software inventory, remediation activities, and an OSINT profile for
cyber threat intelligence enrichment, further solidifying OCSF's role in
standardizing cybersecurity data. Developed initially as a schema for
cybersecurity events, OCSF's open standard can today be adopted in
any environment, application, or solution.
For more information and to contribute, visit: https://ocsf.io/.
AWS
"We believe that joining the Linux Foundation will strengthen OCSF's
role as a leading open security data schema and accelerate its adoption
across the industry," said Gee Rittenhouse, Vice President of Security Services, AWS.
"With the Linux Foundation's extensive resources and strong governance
model, we aim to empower the security community to collaborate more
effectively and drive innovation in addressing cyber risks."
Broadcom
"Broadcom is proud to have contributed the Symantec ICD schema as the
foundation for the OCSF project. We support OCSF in our own portfolio
today, helping streamline Security Operations for organizations that
leverage a wide range of telemetry sources in their investigations,"
said Jason Rolleston, Vice President and General Manager, Enterprise Security Group, Broadcom.
"Joining the Linux Foundation will greatly enhance the visibility of
OCSF, increase innovation around the standard, and hasten its overall
adoption."
Cisco
"In my experience developing eBPF and Cilium, I've seen firsthand how
open standards can drive innovation and efficiency. Adopting the Open
Cybersecurity Schema Framework (OCSF) under the Linux Foundation will
similarly enable organizations like Cisco to enhance real-time threat
detection and response," said Thomas Graf, Co-founder and Chief Technology Officer, Isovalent, now part of Cisco.
"By reducing the friction associated with data normalization, we can
focus more on proactive security strategies and delivering value to our
customers."
IBM
"OCSF and IBM share a passion for open-source innovation and a commitment to strengthening the cybersecurity community," said Sridhar Muppidi, IBM Fellow, VP & CTO, IBM Security.
"As AI and hybrid cloud transformation evolve, OCSF's work is more
crucial than ever. We're excited to support its journey with the Linux
Foundation and to continue shaping a secure, collaborative future
together."