OpenSSF

Aug 18

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

By OpenSSF Blog, Guest Blog

If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still…

Aug 09

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

By OpenSSF AI, Blog, Press Release

The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a…

Jul 28

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

By OpenSSF Blog, Guest Blog

At Open Source Summit North America earlier this year as a 10th grader, Nathan Naveen, gave a talk about OpenSSF Criticality Score. Nathan takes a look at why understanding tools…

Jul 27

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

By OpenSSF Blog

The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability…

Jul 21

Manage how you protect your assets at scale with SBOMs

By OpenSSF Blog, Guest Blog

While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions…

Jul 20

Fuzz Introspector: optimizing fuzzing workflows

By OpenSSF Blog, Guest Blog

Fuzz Introspector is an open source tool that at its core provides insights and suggestions for improvements on how a given project is being fuzzed. In this blog post we…

Jun 30

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

By OpenSSF Blog

This month, we present a spotlight on the SBOM Everywhere initiative, housed under the OpenSSF Security Tooling Working Group. The mission of the Security Tooling Working Group is to identify,…

Jun 22

Python Software Foundation Alpha Omega Welcome New PSF Security Developer in Residence

PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega

By OpenSSF Alpha-Omega, Blog

Through funding by the OpenSSF’s Alpha-Omega Project, the Python Software Foundation (PSF) has hired a new security developer in residence as part of a year-long security enhancement initiative. PSF announced…

Jun 20

Why SBOM Generators Need to Accurately Represent Open Source Licenses

By OpenSSF Blog, Guest Blog

SBOMs enable organizations to identify vulnerabilities, track open-source usage, and ensure compliance with numerous licensing obligations. Having a “single source of truth” for security and licensing information helps everyone. Let’s…

May 31

OpenSSF Supply Chain Integrity Working Group Provides Security Guidance, Practical Frameworks, and Tools

By OpenSSF Blog

Within the OpenSSF Supply Chain Integrity Working Group (SCI WG), we’re hosting a global community of individuals and organizations collaborating on scalable standardized attestable practices for supply chain security. Along…

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

Manage how you protect your assets at scale with SBOMs

Fuzz Introspector: optimizing fuzzing workflows

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega

Why SBOM Generators Need to Accurately Represent Open Source Licenses

OpenSSF Supply Chain Integrity Working Group Provides Security Guidance, Practical Frameworks, and Tools

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

OpenSSF

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox