Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing…
Read More
Securing the open source ecosystem isn't a passive act. It calls for proactive participation through regular code reviews, vulnerability assessments, or simply staying updated with the latest security protocols. Every user,…
Read More
We’re thrilled to announce that RSTUF, Repository Service for TUF, has joined the OpenSSF as an OpenSSF Sandbox Project. This is a major step forward in ensuring we can improve…
Read More
The OpenSSF Securing Software Repositories Working Group focuses on the maintainers of software repositories, software registries, and the tools that rely on them. By repositories, we include all platforms where…
Read More
We are pleased to announce that OpenSSF Day Japan will be taking place on December 4, 2023 at the Ariake Central Tower Hall & Conference, colocated with Open Source Summit…
Read More
Today, we are excited to announce OpenSSF Scorecard v4.12. This release adds support for GitLab and brings the project closer to its longer-term goal of supporting all types of hosted…
Read More
The US Federal Government's recent Request for Information (RFI) on Open Source Software Security (announced by the US White House) is a noteworthy development for open source software (OSS). This…
Read More
By adopting a few common principles, software organizations can achieve real, measurable change in the security and health of their software supply chains. You are invited to adopt the new…
Read More
If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still…
Read More
The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a…
Read More