OpenSSF

The Linux kernel has achieved a significant milestone in open source software security. It has been authorized as a CVE Numbering Authority (CNA) by the CVE Program. Being a CNA…

We are thrilled to announce the first event Secure Open Source Software (SOSS) Fusion Conference 2024, a two-day conference hosted by the OpenSSF in Atlanta, GA. Set to take place…

Today, the OpenSSF Securing Software Repositories Working Group released v0.1 of Principles for Package Repository Security, a framework for package repositories to assess their current security capabilities and to help…

Time is of the essence to mitigate vulnerabilities like the recent Leaky Vessels in order to reduce the chance of the vulnerabilities being exploited by attackers. As noted in Leaky…

Today the Linux Foundation announced the launch of the Post-Quantum Cryptography Alliance (PQCA), an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography. The OpenSSF looks…

The CVE-2023-6246 vulnerability in glibc can allow an attacker to escalate their local unprivileged access to the full root privilege level. CVEs like this highlight the significance of the initiatives…

As the Open Source Security Foundation (OpenSSF), our core mission is to safeguard the open source software (OSS) ecosystem and make it more secure. In 2023, we embraced a significant…

The Linux Foundation’s recent research report, titled Maintainer Perspectives on Open Source Software Security, provides valuable insights into the views and practices of OSS maintainers and core contributors. Insights were derived…