Omkhar Arasaratnam

Early Career

Arasaratnam began his career at IBM, where he contributed to open-source software as a maintainer for Gentoo Linux on the PPC64 architecture and as a contributor to the Linux kernel. He subsequently held security engineering and leadership roles at a range of financial institutions and technology companies, including Deutsche Bank, JPMorgan Chase, and Google.

Open Source Security Foundation

In May 2023, Arasaratnam was appointed general manager of the Open Source Security Foundation (OpenSSF), a Linux Foundation initiative, succeeding Brian Behlendorf. OpenSSF coordinates industry efforts to improve the security of widely deployed open-source software used in commercial and government systems. In this role, Arasaratnam coordinated foundation initiatives and represented OpenSSF in discussions with technology companies and public-sector stakeholders, including participation in a two-day Secure Open Source Software Summit convened at the White House in September 2023 and an address at the United Nations OSPOs for Good conference at UN Headquarters in New York in July 2024.

In October 2023, Arasaratnam spoke at the Linux Foundation's Open Source Summit Europe, where he commented on proposed EU regulatory approaches to open-source software security, arguing that the Cyber Resilience Act did not adequately account for how individual contributors and foundations support the open-source ecosystem.

Arasaratnam departed OpenSSF in September 2024. In October 2024, he joined LinkedIn as its first Distinguished Engineer for Security.

XZ Utils Supply Chain Incident

In 2024, Arasaratnam was widely quoted in media coverage of a supply chain compromise discovered in XZ Utils, a data compression utility broadly used in Linux distributions. He discussed structural risks associated with volunteer-maintained infrastructure and the challenges of detecting long-term, socially engineered attacks on open-source projects. Following the incident, Arasaratnam and OpenJS Foundation executive director Robin Bender Ginn co-authored a public warning that similar social engineering attempts had targeted JavaScript projects, urging maintainers to scrutinize requests for elevated access from unknown contributors. In October 2024, he delivered a keynote at SecTor, Canada's largest cybersecurity conference, presenting on the XZ Utils backdoor as a case study in software supply chain security.

Research and Publications

Arasaratnam has co-authored research on usable privacy and digital public goods, including work published at USENIX SOUPS 2024. The paper "Privacy Requirements and Realities of Digital Public Goods" was recognized as the winner in the "Most Notable Paper – Social Impact" category at NYU Tandon's CSAW 2024 Applied Research Competition. He also contributed a chapter titled "Introduction to Cloud Computing" to the 2011 Wiley volume Auditing Cloud Computing: A Security and Privacy Guide.

Arasaratnam is listed as an inventor on multiple patents in areas including trust assertion, data validation, and cloud computing. Selected patents include work on trust assertion using hierarchical weights, externalized data validation, virtual machine allocation optimization, and software-defined community cloud architectures.

Academic and Philanthropic Work

Arasaratnam is a senior fellow at the NYU Center for Cybersecurity and serves on the NYU Cyber Fellows Advisory Council. In 2021, he and his wife established the S&K Scholarship at New York University Tandon School of Engineering, supporting graduate students pursuing cybersecurity studies.