With the development of new artificial intelligence (AI) models and capabilities, attention has been drawn to their potential harms and misuse: from generating deepfakes and disinformation, algorithmic bias, or being used to perpetuate other harms or biases.
OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database that hosts and aggregates OSV data.
Growing Member Base and New Initiatives Continue to Advance Open Source Software Security TOKYO, JAPAN – October 30, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative...
Today, I’m excited to announce that Stacklok is contributing our Minder open source project to the Open Source Security Foundation (OpenSSF). Minder makes it simpler for developers and security teams to adopt a policy-based approach to open source software security; it reduces noise, alerts to risk only when necessary, auto-remediates inconsistencies and spans the entire…
October is Cybersecurity Awareness Month! Proclaimed since 2004, October is the month dedicated to raising awareness about cybersecurity and taking simple steps to keep individuals and organizations safe. This year, let’s focus on collective action across different sectors. This post explores more about what actions different stakeholders can take in order to increase their cybersecurity…
Challenge For many years, the software supply chain has suffered from a lack of transparency and inefficient, unsustainable security management methods such as spreadsheets, emails, and word of mouth. The...
Welcome to the October 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. Take: Developing...
Event aims to create a more secure open source future by covering high-priority topics and offering workshops and industry expert insights WASHINGTON — October 22, 2024 — The Open Source...
Open source security isn’t just about technology—it’s about the people behind it. Developer Relations (DevRel) connects developers, maintainers, and contributors, ensuring that they have the tools and support to make open source software more secure and resilient.
