Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive…
The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues.
We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is…
The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among…
We’re excited about the announcement of the Open Source Software Security Roadmap from the US Cybersecurity and Infrastructure Security Agency (CISA). The Roadmap, released today, clearly articulates a risk assessment and implementation…
The Alpha Omega Summer Mentorship Program recently wrapped up and was a resounding success. The program connected senior software security engineers with newcomers to open source, software development, and security…
Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing…
Securing the open source ecosystem isn't a passive act. It calls for proactive participation through regular code reviews, vulnerability assessments, or simply staying updated with the latest security protocols. Every user,…
We’re thrilled to announce that RSTUF, Repository Service for TUF, has joined the OpenSSF as an OpenSSF Sandbox Project. This is a major step forward in ensuring we can improve…
The OpenSSF Securing Software Repositories Working Group focuses on the maintainers of software repositories, software registries, and the tools that rely on them. By repositories, we include all platforms where…