Omkhar Arasaratnam
Omkhar Arasaratnam | |
|---|---|
| Occupations | |
| Years active | 1998–present |
| Employer | |
| Known for | Leadership roles in open-source software security and cybersecurity |
| Website | omkhar |
Omkhar Arasaratnam is a Canadian-American computer scientist and cybersecurity executive whose work has focused on cybersecurity, open-source software security and software supply chain risk. He served as general manager of the Open Source Security Foundation (OpenSSF), a Linux Foundation initiative, from May 2023 to September 2024.[1] In this capacity, he participated in industry and government discussions on securing widely used open-source infrastructure, including meetings convened by the White House and the United Nations.[2][3][4]
Since October 2024, Arasaratnam has served as distinguished engineer for security at LinkedIn.[5]
Career
Arasaratnam began his career at IBM, where he contributed to open-source software projects as a maintainer for Gentoo Linux on the PPC64 architecture and as a contributor to the Linux kernel.[6][7] He later held security engineering and leadership roles at financial institutions and technology companies, including Deutsche Bank, JPMorgan Chase, and Google.[1][8]
In May 2023, Arasaratnam was appointed general manager of the Open Source Security Foundation, succeeding Brian Behlendorf.[1][9] OpenSSF coordinates industry efforts to improve the security of widely deployed open-source software used in commercial and government systems. As general manager, Arasaratnam coordinated foundation initiatives and represented OpenSSF in discussions with technology companies and public-sector stakeholders.
Arasaratnam departed OpenSSF in September 2024 and joined LinkedIn as distinguished engineer for security, where his work has focused on software supply chain risk and platform security.[10]
Public commentary and incident response
In 2024, Arasaratnam was quoted by multiple media outlets regarding a supply chain compromise discovered in XZ Utils, a data compression utility widely used in Linux distributions.[11][12][13]
In these interviews, he discussed structural risks associated with volunteer-maintained infrastructure and the challenges of detecting long-term, socially engineered attacks on open-source projects.[12][13] In technical interviews, he analyzed the attacker's methodology and commented on the limitations of existing defensive tools.[14][15]
Following the incident, Arasaratnam and OpenJS Foundation executive director Robin Bender Ginn co-authored a public warning that similar social engineering attempts had targeted JavaScript projects, urging maintainers to scrutinize requests for elevated access from unknown contributors.[16]
Open-source security advocacy
In August 2023, Arasaratnam commented on the White House's National Cyber Workforce and Education Strategy, telling Nextgov/FCW that the strategy's focus on education and career placement would help address cybersecurity talent gaps.[17]
In September 2023, Arasaratnam participated in the Secure Open Source Software Summit at the White House, a two-day meeting convening approximately 90 government officials and private sector executives to discuss open-source security.[2][3][18]
In October 2023, Arasaratnam spoke at the Linux Foundation's Open Source Summit Europe, where he commented on proposed regulatory approaches to open-source software security in the European Union, arguing that the Cyber Resilience Act failed to account for how individual contributors and foundations support the open-source ecosystem.[19]
In July 2024, Arasaratnam addressed the United Nations OSPOs for Good conference at UN Headquarters in New York, discussing how open-source contributors could support the Sustainable Development Goals.[4][20]
In October 2024, Arasaratnam delivered a keynote address at SecTor, Canada's largest cybersecurity conference, presenting on the XZ Utils backdoor as a case study in software supply chain security.[21]
Academic and philanthropic work
Arasaratnam is a senior fellow at the NYU Center for Cybersecurity and serves on the NYU Cyber Fellows Advisory Council.[22]
In 2021, Arasaratnam and his wife established the S&K Scholarship at New York University Tandon School of Engineering, supporting graduate students pursuing cybersecurity studies.[23]
References
1. "Meet New OpenSSF GM Omkhar Arasaratnam". Linux Foundation. May 30, 2023. Retrieved January 1, 2026.
2. Sabin, Sam (September 12, 2023). "Biden administration, tech industry draft a long-term plan to secure open source software". Axios. Retrieved January 1, 2026.
3. Rundle, James (September 13, 2023). "White House Calls for Stronger Open-Source Security". The Wall Street Journal. Retrieved January 1, 2026.
4. OSPOs for Good 2024 Conference Report (PDF) (Report). United Nations Office of the Secretary-General's Envoy on Technology. 2024. p. 46. Retrieved January 1, 2026.
5. "Industry Moves for the week of October 7, 2024". SecurityWeek. October 7, 2024. Retrieved February 22, 2026.
6. "Retired Gentoo developers". Gentoo Linux. Retrieved February 22, 2026.
7. Bligh, Martin J. (December 15, 2003). "2.6.0-test11-mjb3". linux-kernel (Mailing list). Retrieved February 23, 2026.
8. "Data443 Risk Mitigation Welcomes Mr. Omkhar Arasaratnam to Its Advisory Board" (Press release). GlobeNewswire. July 29, 2020. Retrieved January 1, 2026.
9. Arghire, Ionut (May 11, 2023). "OpenSSF Receives $5 Million for Open Source Software Security Project". SecurityWeek. Retrieved January 1, 2026.
10. "SecTor 2024 Announces Record-Breaking Attendance Following Successful Close of Toronto Event" (Press release). Business Wire. October 30, 2024. Retrieved January 1, 2026.
11. "The economic model that made the internet, and the hack that almost broke it". Planet Money. May 17, 2024. NPR. Retrieved January 1, 2026.
12. Satter, Raphael (April 5, 2024). "Why a near-miss cyberattack put US officials and the tech industry on edge". Reuters. Retrieved January 1, 2026.
13. "Why is so much of the internet's infrastructure run by volunteers?". The Economist. April 23, 2024. Retrieved January 1, 2026.
14. Jones, David (April 2, 2024). "Motivations behind XZ Utils backdoor may extend beyond rogue maintainer". Cybersecurity Dive. Retrieved January 1, 2026.
15. Wright, Rob; Culafi, Alexander (April 1, 2024). "XZ backdoor discovery reveals Linux supply chain attack". TechTarget. Retrieved January 1, 2026.
16. "Supply chain attack sends shockwaves through open-source community". CyberScoop. April 5, 2024. Retrieved January 1, 2026.
17. "Cyber workforce strategy requires buy-in across sectors, experts say". Nextgov/FCW. August 1, 2023. Retrieved January 1, 2026.
18. Vasquez, Christian (September 13, 2023). "Washington summit grapples with securing open source software". CyberScoop. Retrieved January 1, 2026.
19. Patel, Azania Imtiaz (October 12, 2023). "CRA(P): Will Europe throw the open source baby out with the bathwater?". The Stack. Retrieved January 1, 2026.
20. "OSPOs for Good 2024 – Speakers". United Nations Office of the Secretary-General's Envoy on Technology. Retrieved January 1, 2026.
21. "SecTor Announces Leigh Honeywell and Omkhar Arasaratnam as Keynote Speakers for SecTor 2024" (Press release). Business Wire. October 10, 2024. Retrieved January 1, 2026.
22. "Omkhar Arasaratnam". New York University Tandon School of Engineering. Archived from the original on January 18, 2025. Retrieved January 1, 2026.
23. "NYU Tandon announces 2021 S&K scholarship recipients". NYU Tandon School of Engineering. April 1, 2021. Retrieved January 1, 2026.