A well-designed Open Source Program Office (OSPO), when present, is the center of competency for an organization’s open source operations and structure. Here are a dozen ways OSPOs can be…
Along the River Liffey in Dublin, Ireland we hosted OpenSSF Day EU at the Open Source Summit Europe earlier this month where community members gathered together to discuss the challenges,…
The Securing Open Source Software Act is in response to the Log4Shell vulnerability discovered in late November 2021. What is the Securing Open Source Software Act about? On 21st September…
This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25, in Detroit Michigan, in co-location with KubeCon + CloudNativeCon North America.…
SBOM Everywhere, as the name suggests, is working towards bringing SBOMs to all of open source in a way that is non disruptive. The first effort of the SBOM Everywhere…
The Vulnerability Disclosures Working Group is proud to unveil the next evolution in improving open source coordination of vulnerability disclosures by crafting a new guide focused on the Security researcher…
In response to the growing concern around open source software development, OpenSSF’s Best Practices for Open Source Developers Working Group (WG) has been diligently working with concerned members and community…
As part of the OpenSSF’s continued investment in critical open-source projects, we are happy to announce new partnerships and tooling from the Alpha-Omega Project. Alpha-Omega will sponsor critical security work…
OpenSSF is excited to announce its newest WG (Working Group), the End Users WG. This WG will focus on representing and addressing the challenges enterprises face when adopting (and using)…
We are excited to release new features from the Scorecards project, the OpenSSF tool that helps maintainers follow best security practices. The Scorecards GitHub Action now supports a REST API…