OpenSSF

Apr 15

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

By OpenSSF Blog

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects…

Apr 15

Love0

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

By OpenSSF Blog

We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg…

Apr 12

Love0

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

By OpenSSF Blog

Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source…

Apr 11

Love0

“What’s in the SOSS?” Podcast is Now Live

By OpenSSF Blog

In our first podcast – Vincent Danen and the Art of Vulnerability Management, Omkhar Arasaratnam, General Manager of OpenSSF, talks to Vincent Danen, Vice President of Product Security at Red Hat,…

Apr 10

Love0

TTX_Securing_OSS_and_Empowering_Maintainers

Join us for a TTX: Securing OSS & Empowering Maintainers

By OpenSSF Blog

At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a…

Apr 04

Love0

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

By OpenSSF Blog, Guest Blog

The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to…

Mar 30

Love0

xz Backdoor CVE-2024-3094

By OpenSSF Blog

CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to…

Mar 29

Love0

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

By OpenSSF Blog

The OpenSSF was pleased to be one of the sponsors that helped contribute to the inaugural 2024 VulnCon conference that brought together experts from across industry, government, security researchers, and…

Mar 25

Love0

Intel OpenSSF Scorecard Secure Sofware Portfolio

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

By OpenSSF Blog, Case Studies

Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10.…

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

“What’s in the SOSS?” Podcast is Now Live

Join us for a TTX: Securing OSS & Empowering Maintainers

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

xz Backdoor CVE-2024-3094

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

OpenSSF

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox