While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of…
Read More
We are delighted to announce the 2.0 release of sigstore-python, a Python client for signing and verifying Sigstore signatures! This release has been in the works for a while and contains…
Read More
The Securing Critical Projects WG aims to solve the problem of insecure (and often unknown) critical projects. First, we focus on helping identify which projects are critical, which will allow…
Read More
From a software consumer perspective, how do we know where to start to address the real supply chain threats? Which risks are more critical than others? What framework or standard…
Read More
Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This…
Read More
We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins.…
Read More
Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive…
Read More
The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues.
Read More
We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is…
Read More
The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among…
Read More