Community Updates
Metrics & Metadata WG
The Working Group “Metrics & Metadata” (formerly “Identifying Security Threats”) started three years ago by releasing the first version of the paper “Threats, Risks, and Mitigations in the Open Source Ecosystem” to help open source maintainers and contributors identify threats in the development cycles of a project and evaluate risks in the open source ecosystem.
Keeping in mind this purpose, the Working Group has continued to work on projects that could help open source consumers to better evaluate the health of open source projects.
We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
Working Group Calendar: Metrics & Metadata WG meeting on Tuesday @ 6 PM (UTC) every 2 weeks.
Slack Channel: #wg_metrics_and_metadata
GitHub Repositories:
- ossf/wg-metrics-and-metadata
- ossf/security-insights-spec
- ossf/si-tooling
Projects:
- SECURITY INSIGHTS Specification
- Risk Assessment Dashboard SIG
Luigi Gubello (Co-Lead of Metrics & Metadata Working Group)
Micheal Scovetta (Co-Lead of Metrics & Metadata Working Group)
Last Updates:
- We have improved the Docker container to run the SECURITY INSIGHTS Validator (ossf/si-tooling) by making it easier to use.
- We have published a GitHub Action (luigigubello/security-insights-validator-ga) to run the SECURITY INSIGHTS Validator directly in the GitHub Workflows.
- We are actively working on the release v1.1 of the SECURITY INSIGHTS specification.
Everyone is welcome, and we appreciate contributions, questions, feedback, and help because they assist us in improving our work. 🌸 Don’t be afraid if you don’t work in the info security field; we genuinely value contributions from individuals with diverse backgrounds 🦄.
OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software
The US Office of the National Cyber Director (ONCD) report, Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights into strategies to improve software security. It emphasizes the importance of proactive measures in mitigating vulnerabilities by examining pivotal principles such as memory safety, measurements, and metrics that help enhance software security. The OpenSSF supports efforts like this from the public sector, which improve the security of open source software.
SOSS Community Day North America (NA) Agenda Live
We’re excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical talks, panels, and a Table Top Exercise (TTX). SOSS Community Day is co-located with Open Source Summit North America in Seattle, WA.
Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community
At the Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving force behind innovation.
In the Headlines
- TechTarget, Linkerd paywall prompts online debate, CNCF TOC review, Beth Pariseau
- Security Boulevard, A demand for real consequences: Sonatype’s response to CISA’s Secure by Design, Brian Fox
- InfoQ, Sigstore: Secure and Scalable Infrastructure for Signing and Verifying Software
Don’t Forget…
Community Updates
SOSS Task Force – Trusted Repository Security Initiative (TRSI-TF)
Advocating for Transparent and Secure Practices
- Embrace Transparency and Security: Advocate for open, secure practices to foster a trusted, innovative environment.
- Champion Trusted Communities: Join a proactive network using the “Scorecard” to elevate security in package ecosystems.
- Innovate with the DNS System: Help forge a layered trust system, enhancing security across repositories.
- Vet Beyond the Norm: Be part of a vanguard validating security beyond DNS, setting the highest standards.
To join, simply fill out this Doodle Poll to show your interest!
Open Source Security Integration and Enhancement Task Force (OSSIE-TF)
Fortifying the Backbone of Software Supply Chains
- Unite for Security Standards: Help craft universal security protocols and guidelines to protect package managers and users against prevalent threats.
- Collaborate for a Safer Ecosystem: Work alongside diverse package managers and dedicated working groups to exchange vital threat intelligence, strengthening our collective defense.
- Specialize in Threat Modeling: Take on the challenge of differentiating between malicious threats and vulnerabilities within top repositories. Your insights will safeguard platforms like NPM, PyPI, Gradle, Maven, and more.
Together, let’s build a secure and resilient software infrastructure.
To join, simply fill out this Doodle Poll to show your interest!
End User Group – OpenSSF End User Working Group
Driving OpenSSF Mission for Better Security
- Mission: Ensure the End User’s distinct and impactful voice is heard in the development and delivery of the technical vision of the Open Source Security Foundation.
- Objectives:
  - Represents the interests of public and private sector organizations that primarily consume open source.
  - Ensures the use cases for end user consumption of Open Source software are factored into OSSF programs.
  - Provides resources to develop and implement efficient strategies, processes, tools, and best practices that secure software supply chains.
  - Aims to educate other consumers on the risks associated with supply chain security.
- OpenSSF Community Calendar Events:
  - End User WG meeting on Thursday @ 9 am CST every 2 weeks
  - End User WG – Refining Architecture and Threat Modelling meeting every Monday @ 11.30 am CST
- Communication Channels
- Work & Progress:
  - Ingestion Manifesto blog
  - Threat Modeling blog
  - Putting together a detailed threat modeling document
Please join our team and work with us to identify threats and provide guidance on the ingestion of open source software from an end user’s perspective. Together, let us raise awareness of these issues and provide detailed guidance on how to mitigate threats in the Open Source supply chain to make it secure.
Reach out to operations@openssf.org if you are interested in participating and joining our End User WG.
AMMAN, JORDAN, March 4, 2024 – Open Source Security Foundation (OpenSSF), Linux Foundation Training and Certification (LF T&C), and Cloud Native Computing Foundation (CNCF) are thrilled to announce an initiative in celebration of Women’s History Month. In collaboration with the US White House National Security Council (NSC), we are proud to support the women of Jordan by launching a pilot program offering 250 free security courses and certifications, including specialized certifications in Kubernetes and Cloud Native Security.
This initiative is a testament to our commitment to diversity, equity, and inclusion in the technology and cybersecurity fields. By providing complimentary security certifications, we aim to break down barriers and create opportunities for women in Jordan, fostering a more inclusive and diverse workforce. As cybersecurity continues to experience challenges in finding enough skilled workers, this program will help build capacity in the workforce.
The pilot program is sponsored by OpenSSF and LF T&C, organizations dedicated to advancing open source software security and providing high-quality training and certification programs.
“Today’s announcement creates exciting opportunities for Jordan women to learn critical skills to enter the cybersecurity workforce and contribute to Jordan’s national security,” said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. “We applaud OpenSSF and the Linux Foundation for investing in women by granting these scholarships, which will strengthen our collective cybersecurity.”
“It is an honor to provide these scholarships to the women of Jordan in recognition of International Women’s Day and this year’s theme, ‘Inspire Inclusion,’” said Clyde Seepersad, SVP, General Manager, Training & Certification at Linux Foundation. “Supporting the careers of all women and increasing the supply of skilled cybersecurity professionals are both of vital, global interest.”
Omkhar Arasaratnam, General Manager of OpenSSF, added, “OpenSSF is a proud supporter of cybersecurity capacity building in diverse communities. Our Diversity Equity and Inclusion (DEI) work group and Education Special Interest Group (SIG) have made great progress toward these goals. We’re proud to collaborate on this initiative. We believe that providing opportunities for women in cybersecurity is not just the right thing to do; it is essential for building workforce capacity and the diversity of thought required to address tomorrow’s cybersecurity challenges.”
# # #
Media Contacts:
Jennifer Bly
OpenSSF
J Scott Punk
Linux Foundation Training & Certification
Samantha L. Reposa
National Security Council
About the OpenSSF:
The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at openssf.org.
About the Linux Foundation:
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenSSF, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
About the National Security Council (NSC):
The National Security Council (NSC) is the President’s principal forum for considering national security and foreign policy matters with his or her senior advisors and cabinet officials. Since its inception under President Truman, the Council’s function has been to advise and assist the President and to coordinate matters of national security among government agencies. For more information, please visit whitehouse.gov/nsc/.