All Posts By OpenSSF


The United States Securing Open Source Software Act: What You Need to Know

By Blog

The Securing Open Source Software Act is a response to the Log4Shell vulnerability discovered in late November 2021. What is the Securing Open Source Software Act about? On 21 September 2022, U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation, the Securing Open Source Software Act, to help protect federal agencies and critical infrastructure systems by strengthening the security of open source software.


First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

By Blog

This year SigstoreCon will be hosted for the first time. The one-day event will take place on October 25 in Detroit, Michigan, co-located with KubeCon + CloudNativeCon North America. SigstoreCon aims to help accelerate how you secure your software supply chain. It is a vendor-neutral conference organized by the open source Sigstore community and will focus on all things Sigstore.


Coordination is Key! The OpenSSF’s CVD Guide for Finders

By Blog

The Vulnerability Disclosures Working Group is proud to unveil the next step in improving coordinated vulnerability disclosure for open source: a new guide written for the security researcher, or Finder, persona. The newly published Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects provides best practices on how Finders can engage and work with the open source community on the vulnerabilities they discover.


Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain

By Blog

As part of the OpenSSF’s continued investment in critical open-source projects, we are happy to announce new partnerships and tooling from the Alpha-Omega Project. Alpha-Omega will sponsor critical security work with a $460K grant to the Rust Foundation. This work expands on funding previously announced earlier this year, bringing our total investment to over $1.5M this year.


Show Off Your Security Score: Announcing Scorecards Badges

By Blog

We are excited to release new features from the Scorecards project, the OpenSSF tool that helps maintainers follow best security practices. The Scorecards GitHub Action now supports a REST API for quickly viewing project scores, and we’ve added one of our favorite new features: badges! We hope these additions will make interacting with Scorecards smoother than ever for open source maintainers and consumers.


npm Best Practices for the Supply-Chain

By Blog

We are excited to announce the v1 release of the “npm Best Practices,” a new guide focused on dependency management and supply chain security for npm. This release is the work of the OpenSSF Best Practice Working Group. It is a critical step in helping JavaScript and TypeScript developers reduce risk as they choose open-source dependencies for their projects.
