Omkhar Arasaratnam
Omkhar Arasaratnam | |
|---|---|
| Other names | Omkharan Arasaratnam |
| Occupations | |
| Years active | 1998–present |
| Employer | |
| Known for | Leadership roles in open-source software security and cybersecurity |
| Website | omkhar |
Omkhar Arasaratnam is a Canadian-American computer scientist and cybersecurity executive whose work has focused on cybersecurity, open-source software security and software supply chain risk. He served as general manager of the Open Source Security Foundation (OpenSSF), a Linux Foundation initiative, from May 2023 to September 2024.[1] In this capacity, he participated in industry and government discussions on securing widely used open-source infrastructure, including meetings convened by the White House and the United Nations.[2][3][4]
Arasaratnam departed OpenSSF in September 2024.[5] In October 2024, he joined LinkedIn as its first Distinguished Engineer for Security.[6][7]
Publications
Arasaratnam has co-authored research on usable privacy and “digital public goods,” including work published by USENIX ("SOUPS 2024 Accepted Papers". USENIX. Retrieved March 28, 2026).
- "Privacy Requirements and Realities of Digital Public Goods" (PDF). USENIX. 2024. Retrieved March 28, 2026.
- Arasaratnam, Omkhar (2011). "Introduction to Cloud Computing". In Halpert, Ben (ed.). Auditing Cloud Computing: A Security and Privacy Guide. Wiley. pp. 1–13. ISBN 978-0-470-87474-5.
Awards and honors
The paper “Privacy Requirements and Realities of Digital Public Goods” was recognized as the winner in the category “Most Notable Paper – Social Impact” in NYU Tandon's CSAW 2024 Applied Research Competition ("CSAW turns 21 ... with powerful partnerships and new programming". NYU Tandon School of Engineering. December 17, 2024. Retrieved March 28, 2026).
Patents
Arasaratnam (also published as “Omkharan Arasaratnam”) is listed as an inventor on multiple patents in areas including trust, data validation, and cloud computing.
Selected patents include:
- "US8615789B2 — Trust assertion using hierarchical weights". Google Patents. Retrieved March 28, 2026.
- "US8396842B2 — Externalized data validation engine". Google Patents. Retrieved March 28, 2026.
- "US9229711B2 — Optimizing on demand allocation of virtual machines using a stateless preallocation pool". Google Patents. Retrieved March 28, 2026.
- "WO2024118389A1 — Software defined community cloud". Google Patents. Retrieved March 28, 2026.
Career
Arasaratnam began his career at IBM, where he contributed to open-source software projects as a maintainer for Gentoo Linux on the PPC64 architecture and as a contributor to the Linux kernel.[8][9] He later held security engineering and leadership roles at financial institutions and technology companies, including Deutsche Bank, JPMorgan Chase, and Google.[1][10]
In May 2023, Arasaratnam was appointed general manager of the Open Source Security Foundation, succeeding Brian Behlendorf.[1][11] OpenSSF coordinates industry efforts to improve the security of widely deployed open-source software used in commercial and government systems. As general manager, Arasaratnam coordinated foundation initiatives and represented OpenSSF in discussions with technology companies and public-sector stakeholders.
Arasaratnam departed OpenSSF in September 2024.[12] In October 2024, he joined LinkedIn as its first Distinguished Engineer for Security.[13][7]
Public commentary and incident response
In 2024, Arasaratnam was quoted by multiple media outlets regarding a supply chain compromise discovered in XZ Utils, a data compression utility widely used in Linux distributions.[14][15][16]
In these interviews, he discussed structural risks associated with volunteer-maintained infrastructure and the challenges of detecting long-term, socially engineered attacks on open-source projects.[15][16] In technical interviews, he analyzed the attacker's methodology and commented on the limitations of existing defensive tools.[17][18]
Following the incident, Arasaratnam and OpenJS Foundation executive director Robin Bender Ginn co-authored a public warning that similar social engineering attempts had targeted JavaScript projects, urging maintainers to scrutinize requests for elevated access from unknown contributors.[19]
Open-source security advocacy
In August 2023, Arasaratnam commented on the White House's National Cyber Workforce and Education Strategy, telling Nextgov/FCW that the strategy's focus on education and career placement would help address cybersecurity talent gaps.[20]
In September 2023, Arasaratnam participated in the Secure Open Source Software Summit at the White House, a two-day meeting convening approximately 90 government officials and private sector executives to discuss open-source security.[2][3][21]
In October 2023, Arasaratnam spoke at the Linux Foundation's Open Source Summit Europe, where he commented on proposed regulatory approaches to open-source software security in the European Union, arguing that the Cyber Resilience Act failed to account for how individual contributors and foundations support the open-source ecosystem.[22]
In July 2024, Arasaratnam addressed the United Nations OSPOs for Good conference at UN Headquarters in New York, discussing how open-source contributors could support the Sustainable Development Goals.[4][23]
In October 2024, Arasaratnam delivered a keynote address at SecTor, Canada's largest cybersecurity conference, presenting on the XZ Utils backdoor as a case study in software supply chain security.[24]
Academic and philanthropic work
Arasaratnam is a senior fellow at the NYU Center for Cybersecurity and serves on the NYU Cyber Fellows Advisory Council.[25]
In 2021, Arasaratnam and his wife established the S&K Scholarship at New York University Tandon School of Engineering, supporting graduate students pursuing cybersecurity studies.[26]
References
1. "Meet New OpenSSF GM Omkhar Arasaratnam". Linux Foundation. May 30, 2023. Retrieved January 1, 2026.
2. Sabin, Sam (September 12, 2023). "Biden administration, tech industry draft a long-term plan to secure open source software". Axios. Retrieved January 1, 2026.
3. Rundle, James (September 13, 2023). "White House Calls for Stronger Open-Source Security". The Wall Street Journal. Retrieved January 1, 2026.
4. OSPOs for Good 2024 Conference Report (PDF) (Report). United Nations Office of the Secretary-General's Envoy on Technology. 2024. p. 46. Retrieved January 1, 2026.
5. "What's in the SOSS? Podcast #15 – Bidding Adieu to Omkhar Arasaratnam". Open Source Security Foundation. September 17, 2024. Retrieved March 28, 2026.
6. "Industry Moves for the week of October 7, 2024". SecurityWeek. October 7, 2024. Retrieved March 28, 2026.
7. "SecTor 2024 | Briefings Schedule". Black Hat. Retrieved March 28, 2026.
8. "Retired Gentoo developers". Gentoo Linux. Retrieved February 22, 2026.
9. Bligh, Martin J. (December 15, 2003). "2.6.0-test11-mjb3". linux-kernel (Mailing list). Retrieved February 23, 2026.
10. "Data443 Risk Mitigation Welcomes Mr. Omkhar Arasaratnam to Its Advisory Board" (Press release). GlobeNewswire. July 29, 2020. Retrieved January 1, 2026.
11. Arghire, Ionut (May 11, 2023). "OpenSSF Receives $5 Million for Open Source Software Security Project". SecurityWeek. Retrieved January 1, 2026.
12. "What's in the SOSS? Podcast #15 – Bidding Adieu to Omkhar Arasaratnam". Open Source Security Foundation. September 17, 2024. Retrieved March 28, 2026.
13. "Industry Moves for the week of October 7, 2024". SecurityWeek. October 7, 2024. Retrieved March 28, 2026.
14. "The economic model that made the internet, and the hack that almost broke it". Planet Money. May 17, 2024. NPR. Retrieved January 1, 2026.
15. Satter, Raphael (April 5, 2024). "Why a near-miss cyberattack put US officials and the tech industry on edge". Reuters. Retrieved January 1, 2026.
16. "Why is so much of the internet's infrastructure run by volunteers?". The Economist. April 23, 2024. Retrieved January 1, 2026.
17. Jones, David (April 2, 2024). "Motivations behind XZ Utils backdoor may extend beyond rogue maintainer". Cybersecurity Dive. Retrieved January 1, 2026.
18. Wright, Rob; Culafi, Alexander (April 1, 2024). "XZ backdoor discovery reveals Linux supply chain attack". TechTarget. Retrieved January 1, 2026.
19. "Supply chain attack sends shockwaves through open-source community". CyberScoop. April 5, 2024. Retrieved January 1, 2026.
20. "Cyber workforce strategy requires buy-in across sectors, experts say". Nextgov/FCW. August 1, 2023. Retrieved January 1, 2026.
21. Vasquez, Christian (September 13, 2023). "Washington summit grapples with securing open source software". CyberScoop. Retrieved January 1, 2026.
22. Patel, Azania Imtiaz (October 12, 2023). "CRA(P): Will Europe throw the open source baby out with the bathwater?". The Stack. Retrieved January 1, 2026.
23. "OSPOs for Good 2024 – Speakers". United Nations Office of the Secretary-General's Envoy on Technology. Retrieved January 1, 2026.
24. "SecTor Announces Leigh Honeywell and Omkhar Arasaratnam as Keynote Speakers for SecTor 2024" (Press release). Business Wire. October 10, 2024. Retrieved January 1, 2026.
25. "Omkhar Arasaratnam". New York University Tandon School of Engineering. Archived from the original on January 18, 2025. Retrieved January 1, 2026.
26. "NYU Tandon announces 2021 S&K scholarship recipients". NYU Tandon School of Engineering. April 1, 2021. Retrieved January 1, 2026.