🤖 Download the Free eBook: Securing Open Source in the Age of AI

OpenSSF

Prioritizing Security: Key Findings from the OpenSSF Survey for Financial Institutions

The Linux Foundation's Open Source Security Foundation (OpenSSF) Secure Software Development Education 2024 Survey offers crucial insights that are particularly relevant to the financial services industry, including FINOS members such as sell-side banks, buy-side firms, and wealth managers. As these organizations increasingly rely on software to drive operations, the emphasis on secure software development becomes critical.

OpenSSF Newsletter – August 2024

Welcome to the August 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar. Take: Developing Secure Software (LFD121) Attend: SOSS Community Day EU Sponsor: SOSS Fusion

GUAC v0.8.0 Released

GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements.

Announcing SigstoreCon: Supply Chain Day!

Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13.

Mitigating Attack Vectors in GitHub Workflows

GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they are safe and do not…