All Posts By OpenSSF

SLSA Survey

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

By Blog

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.

OpenSSF SLSA 1.0 Release Candidate

Draft Version 1.0 of SLSA Open for Comments

By Blog

Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is an OpenSSF project that provides specifications for software supply chain security, established by industry consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor. Version 0.1 of the SLSA specification has been out for some time. We’ve been steadily working in public on updates to SLSA to have a “version 1.0” ready. Now, we have a draft version 1.0, and we’re seeking your final feedback.

OpenSSF Welcomes New Members March 2023

OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security

By Press Release

The Open Source Security Foundation (OpenSSF) welcomes eight new members from leading technology firms. The total number of OpenSSF members is currently over 100, and organization membership saw 88% growth in 2022 from a variety of different sectors. New OpenSSF general member commitments include those from Amesto Fortytwo, Code Intelligence, Kusari, Privado, Scotiabank, and Technology Innovation Institute (TII). New associate members include the Open Source Business Alliance – Bundesverband für digitale Souveränität e.V. and Python Software Foundation. We are happy to see that technical communities continue to demonstrate a strong commitment to investing in security now and for the future.

Open Source Security Meetup, Hong Kong, March 1, 2023

Inaugural OpenSSF Hong Kong Meetup on March 1

By Blog

We’re delighted to announce the first-ever Open Source Security Foundation (OpenSSF) Meetup in Hong Kong! Whether you’re a member of technical staff or a business executive, if you want to hear the latest on the pressing challenges and leading initiatives in OSS security – please join us. All are welcome.

OSS Security Meetup in Tokyo Japan on Feb 23 2023

Join Us at the First OSS Security Meetup in Tokyo, Japan

By Blog

We are excited to present at the first ever OSS Security Meetup in Japan, on February 28 in Tokyo, hosted by Open Source Security Foundation (OpenSSF) Members. We aim to create a place where people with the same awareness and challenges related to OSS security can gather, share information mainly in Japanese, and move forward together.

Independent Security Audit Report

Independent Security Audit Impact Report

By Blog

Security audits are an extremely effective tool for improving the security of critical projects. In 2022, OpenSSF and Google sponsored a number of security audits and associated work via strategic partner Open Source Technology Improvement Fund (OSTIF). Today OSTIF released its Independent Security Audit Impact Report.

Open Source Software Security

Engaging Policy Makers and the Ecosystem on Open Source Software Globally

By Blog

Throughout 2022, the Linux Foundation and OpenSSF in particular have been at the heart of a number of important conversations concerning the open source software (OSS) community and sustainability of the ecosystem. A large part of our global engagement efforts has been focused on collaborating with leaders in the public and private sectors to further the ecosystem’s understanding of open source software security.

OpenSSF Day Japan December 5

Takeaways from OpenSSF Day Japan

By Blog

On December 5th during Open Source Summit Japan, the Open Source Security Foundation (OpenSSF) hosted OpenSSF Day Japan 2022, a half-day event dedicated to exploring ongoing efforts to improve the security of open source software (OSS). Throughout the day, contributors and thought leaders shared their ideas and experiences with OSS security through sessions on subjects like security best practices, vulnerability discovery, securing critical projects, and the future of OSS security.
