Welcome to the November 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
- Apply: Lead a 2025 Tech Talk
- Attend: SOSS Community Day India
- Follow: LinkedIn, X, Mastodon, and Bluesky
The SOSS Fusion 2024 Playlist is Live!
Catch up on the highlights from SOSS Fusion 2024, The Conference for Secure Open Source Software with the full YouTube playlist. Explore keynotes, technical sessions, and workshops from industry leaders like Dan Lorenc and Cory Doctorow. Discover actionable insights and tools to secure open source software.
📺 Watch now: SOSS Fusion 2024 YouTube Playlist
Secure Your Software Supply Chain with Abhisek Datta
Join us for an insightful webinar, Policy, Security, and the Software Supply Chain, featuring security expert Abhisek Datta on November 27 from 2:00 PM – 3:00 PM. This event is hosted in the lead-up to SOSS Community Day, India, co-located with KubeCon + CloudNativeCon India 2024.
Mark your calendars and register today!
Join us in Delhi for SOSS Community Day India on December 10, 2024, co-located with KubeCon + CloudNativeCon India
Hosted by the OpenSSF, this event will bring together open source security enthusiasts to connect, collaborate, and share knowledge. Whether you’re an industry leader or a passionate technologist, this is your opportunity to dive deep into the latest open source security trends, learn from experts, and network with the vibrant open source community. Don’t miss out—register today and be part of the conversation on securing open source software!
2025 Virtual Tech Talk Call for Proposals (CFP)
We are excited to invite proposals for the 2025 Virtual Tech Talk Series, providing a platform for in-depth discussions on critical initiatives to secure open source software within the OpenSSF community. These tech talks are designed to foster knowledge sharing, highlight innovative technical projects, and showcase efforts driving the future of open source security.
Have a topic or expertise you’d like to share? Submit your proposal to the Call for Proposals (CFP) by December 13, 2024, to ensure ample time for review and planning. This is your chance to contribute, connect with peers, and inspire others in the field.
Case Study: Kusari’s Implementation of OpenSSF Tools and Services
Kusari has tackled software supply chain challenges like transparency and inefficiencies by integrating OpenSSF tools such as Allstar, Scorecard, and GUAC, while adopting open standards like SLSA and OpenVEX. These solutions have enhanced their ability to manage risks and contribute actively to the OpenSSF community.
“Participating in open source communities allows us to shape the future of software supply chain technology,” says Parth Patel, Kusari’s Co-founder.
➡️ Read more about Kusari’s journey and the tools they use.
October was Cybersecurity Awareness Month!
This year, the focus was on collective action across sectors to enhance cybersecurity resilience. Organizations prioritized OSS governance, developers adopted secure coding practices, and academic institutions prepared the next generation of professionals—all contributing to safer digital ecosystems.
OpenSSF supported these efforts with resources like Developing Secure Software (LFD121) and events like SOSS Fusion, which fostered collaboration and knowledge sharing.
➡️ Read more about how we worked together to stay secure and informed.
OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools
Minder, contributed by Stacklok, simplifies the integration and use of open source security tools through a policy-based approach that spans the entire software development lifecycle. With features like noise reduction, auto-remediation, and integration with OpenSSF tools such as Sigstore, Minder empowers organizations to strengthen their security posture.
➡️ Explore Minder and see how it enhances open source security.
OpenSSF Expands Secure Development Course with Interactive Labs
The Open Source Security Foundation (OpenSSF) has enhanced its free “Developing Secure Software” course (LFD121) with hands-on labs and interactive activities. These new features provide developers with practical techniques to counter modern cyberattacks, improving engagement and knowledge retention.
With over 25,000 enrollments globally, this course offers a comprehensive learning experience covering secure design principles, implementation, and verification techniques. Developers can earn a completion certificate and access optional browser-based labs for an immersive learning experience.
➡️ Enroll in LFD121 and start building secure software today!
OpenSSF Welcomes New Members and Introduces New Initiatives at SOSS Community Day Japan
At SOSS Community Day Japan, OpenSSF celebrated its growing community with the addition of new members, including Arm, embraceable AI, Fujitsu, Ruby Central, and Trifecta Tech, furthering its mission to secure open source software.
In a recent press release, OpenSSF also announced new initiatives: Minder, a sandbox project simplifying security tool integration; bomctl, enhancing SBOM management; and Zarf, enabling secure software delivery in air-gapped environments.
➡️ Read more about our new members and initiatives.
Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format
Red Hat has partnered with OpenSSF and Google’s OSV.dev to make its security data available in the OSV format. This enhances transparency, accessibility, and integration with tools like OSV-Scanner, supporting better vulnerability management.
➡️ Learn more about this collaboration.
How We Can Learn from Open Source Software to Address the Challenges of AI
AI models bring transformative potential but also risks like deepfakes, bias, and misuse. Drawing from open source principles, we can address these challenges by fostering collaboration across industry, academia, and government, securing the AI supply chain, and building “secure by default” models.
OpenSSF’s work with agencies like CISA offers a roadmap for leveraging open source security principles to improve the safety and reliability of open foundation models.
➡️ Read how open source lessons can shape a secure AI future.
The OpenSSF Armored Goose “Honk”: Advancing Open Source Security
The Open Source Security Foundation’s (OpenSSF) logo features “Honk,” an armored goose holding a shield, embodying the foundation’s mission to protect open source software. Representing adaptability, resilience, and teamwork, Honk symbolizes the innovative approaches OpenSSF employs to enhance security in the open source ecosystem.
Discover the story behind Honk and how OpenSSF champions collaboration and defense in open source security.
➡️ Learn more about Honk and join the mission.
In the News
- TechCrunch: Stacklok donates its Minder supply chain security project to the OpenSSF
- The New Stack Newsletter: ISSUE 441 | All Things Open, Open Source AI, and Seeking Opportunities
- Linux Insider: Tor and Tails Team Up for Better Online Privacy Protections
- DZone: Making Sense of Open-Source Vulnerability Databases: NVD, OSV, and More
- tl;dr sec newsletter: [tl;dr sec] #255 – AI finds 0day in SQLite, Cloud Security Tools, Auto-generate Terraform Secure Guardrails
- SiliconANGLE: How Kubernetes is aiming to transform cloud-native development and security in its next era
- Help Net Security: How Intel is making open source accessible to all developers
- SiliconANGLE: From security challenges to AI workflows: Open-source ecosystems fuel integration and innovation across industries
Meet OpenSSF at These Upcoming Events!
- Policy, Security, and the Software Supply Chain (Virtual Event): November 27, 2024
- SOSS Community Day India: December 10, 2024
- Open Source Software Stewards and Manufacturers Workshop: December 10-11, 2024
Get Involved in OpenSSF
You’re invited to…
- Join a Working Group or Project
- Chat with us on Slack
- Follow us on X, Mastodon, and LinkedIn
See You Next Month
We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month!
Regards,
The OpenSSF Team