Community Updates
SOSS Task Force – Trusted Repository Security Initiative (TRSI-TF)
Advocating for Transparent and Secure Practices
- Embrace Transparency and Security:Â Advocate for open, secure practices to foster a trusted, innovative environment.
- Champion Trusted Communities:Â Join a proactive network using the “Scorecard” to elevate security in package ecosystems.
- Innovate with the DNS System:Â Help forge a layered trust system, enhancing security across repositories.
- Vet Beyond the Norm:Â Be part of a vanguard validating security beyond DNS, setting the highest standards.
To join, simply fill out this Doodle Poll to show your interest!
Open Source Security Integration and Enhancement Task Force (OSSIE-TF)
Fortifying the Backbone of Software Supply Chains
- Unite for Security Standards:Â Help craft universal security protocols and guidelines to protect package managers and users against prevalent threats.
- Collaborate for a Safer Ecosystem:Â Work alongside diverse package managers and dedicated working groups to exchange vital threat intelligence, strengthening our collective defense.
- Specialize in Threat Modeling:Â Take on the challenge of differentiating between malicious threats and vulnerabilities within top repositories. Your insights will safeguard platforms like NPM, PyPI, Gradle, Maven, and more.
- Together, let’s build a secure and resilient software infrastructure.
To join, simply fill out this Doodle Poll to show your interest!
End User Group – OpenSSF End User Working Group
Driving OpenSSF Mission for Better Security
- Mission: Ensure the End User’s distinct and impactful voice is heard in the development and delivery of the technical vision of the Open Source Security Foundation.
- Objectives:
- Represents the interests of public and private sector organizations that primarily consume open source.
- Ensures the use cases for end user consumption of Open Source software are factored into OSSF programs.
- Provides resources to develop and implement efficient strategies, processes, tools, and best practices that secure software supply chains.
- Aims to educate other consumers on the risks associated with supply chain security.
- OpenSSF Community Calendar Events:
- End User WG meeting on Thursday @ 9 am CST every 2 weeks
- End User WG -Refining Architecture and Threat Modelling meeting every Monday @ 11.30 am CST every week.
- Communication Channels
- Work & Progress:
- Ingestion Manifesto blog
- Threat Modeling blog
- Putting together a detailed threat modeling document
Please join our team and work with us to identify threats, provide guidance on ingestion of open source software from an end user’s perspective. Let us together raise awareness of these issues and provide detailed guidance on how to mitigate threats with the Open Source supply chain to make it secure.
Reach out to operations@openssf.org if interested to participate and join our End User WG group.
Submit to Speak at SOSS Fusion 2024
The Secure Open Source Software (SOSS) Fusion Conference by the OpenSSF is a leading event for open source professionals, uniting diverse experts from software developers to CISOs and tech pioneers. It’s not just an event; it’s a push toward a more secure digital future. Read more.
OpenSSF Responds to US CISA RFI on Cybersecurity Risk and Secure by Design Software
OpenSSF has submitted a response to the Request For Information (RFI) on Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software issued by the US Cybersecurity and Infrastructure Security Agency (CISA). Read more.
In the Headlines
- Omkhar’s comments on Apple’s new PQ3 post-quantum encryption for iMessage appeared in TechTarget and Tech Briefly.Â
- The Alpha-Omega annual report was covered in SD Times, Inside Dev and The CyberWire.Â
Don’t Forget…
