OpenSSF

Oct 20

SLSA Tech Talk Highlights

By OpenSSF Blog

Earlier this month we held a Tech Talk on Securing the Software Supply Chain: An In-Depth Exploration of SLSA. SLSA, or Supply-chain Levels for Software Artifacts, is an OpenSSF project…

Oct 18

Love0

OpenSSF Day Japan Agenda Now Live

By OpenSSF Blog

The OpenSSF Day Japan agenda is now live! We have a great day of session presentations, panels, and lightning talks lined up on December 4th, colocated with Open Source Summit…

Oct 17

Love0

OpenSSF Welcomes New Governing Board Chair, Arun Gupta

By OpenSSF Blog

The OpenSSF is pleased to welcome new Governing Board Chair, Arun Gupta who was elected by the OpenSSF Governing Board and will serve from October 2023 to October 2024. Join…

Oct 16

Love0

Reflections on 2023 Milestones from Two-Term Board Chair, Jamie Thomas

By OpenSSF Blog

Like the open source ecosystem itself, the OpenSSF has grown and evolved during a very busy 2023. It’s no longer debatable, everyone depends upon open source software today. Two-Term OpenSSF…

Oct 13

Love0

US Government Fact Sheet on Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (OT / ICS)

By OpenSSF Blog

This week, CISA, FBI, NSA, and the US Department of the Treasury released guidance on Improving Security of Open Source Software (OSS) in Operational Technology (OT) and Industrial Control Systems…

Oct 12

Love0

Introducing OpenSSF’s Malicious Packages Repository

By OpenSSF Blog

Today, the OpenSSF Package Analysis team is excited to announce the launch of our Malicious Packages repository, the first open source system for collecting and publishing cross-ecosystem reports of malicious…

Oct 11

Love0

OpenSSF introduces the Specification Security Insights 1.0

By OpenSSF Blog

The OpenSSF is thrilled to announce the release of version 1.0 for the Security Insights Specification. Security Insights provides a mechanism for maintainers to provide information about their projects' security…

Oct 10

Love0

HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response

By OpenSSF Blog

Open Source Software is used in critical infrastructure worldwide. As vulnerabilities like Looney Tunables, Rapid Reset, and the forthcoming cURL vulnerabilities are discovered, organizations must have a well-practiced incident response…

Oct 03

Love0

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

By OpenSSF Blog, Guest Blog

While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of…

Sep 29

Love0

Announcing sigstore-python 2.0

By OpenSSF Blog

We are delighted to announce the 2.0 release of sigstore-python, a Python client for signing and verifying Sigstore signatures! This release has been in the works for a while and contains…

SLSA Tech Talk Highlights

OpenSSF Day Japan Agenda Now Live

OpenSSF Welcomes New Governing Board Chair, Arun Gupta

Reflections on 2023 Milestones from Two-Term Board Chair, Jamie Thomas

US Government Fact Sheet on Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (OT / ICS)

Introducing OpenSSF’s Malicious Packages Repository

OpenSSF introduces the Specification Security Insights 1.0

HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

Announcing sigstore-python 2.0

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox