OpenSSF

Apr 15

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

By OpenSSF Blog, Press Release

The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from…

Apr 15

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

By OpenSSF Blog

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects…

Apr 15

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

By OpenSSF Blog

We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg…

Apr 12

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

By OpenSSF Blog

Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source…

Apr 11

“What’s in the SOSS?” Podcast is Now Live

By OpenSSF Blog

In our first podcast – Vincent Danen and the Art of Vulnerability Management, Omkhar Arasaratnam, General Manager of OpenSSF, talks to Vincent Danen, Vice President of Product Security at Red Hat,…

Apr 10

TTX_Securing_OSS_and_Empowering_Maintainers

Join us for a TTX: Securing OSS & Empowering Maintainers

By OpenSSF Blog

At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a…

Apr 04

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

By OpenSSF Blog, Guest Blog

The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to…

Mar 30

xz Backdoor CVE-2024-3094

By OpenSSF Blog

CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to…

Mar 29

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

By OpenSSF Blog

The OpenSSF was pleased to be one of the sponsors that helped contribute to the inaugural 2024 VulnCon conference that brought together experts from across industry, government, security researchers, and…

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

“What’s in the SOSS?” Podcast is Now Live

Join us for a TTX: Securing OSS & Empowering Maintainers

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

xz Backdoor CVE-2024-3094

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

OpenSSF

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox