OpenSSF

Oct 11

OpenSSF introduces the Specification Security Insights 1.0

By OpenSSF Blog

The OpenSSF is thrilled to announce the release of version 1.0 for the Security Insights Specification. Security Insights provides a mechanism for maintainers to provide information about their projects' security…

Oct 10

Love0

HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response

By OpenSSF Blog

Open Source Software is used in critical infrastructure worldwide. As vulnerabilities like Looney Tunables, Rapid Reset, and the forthcoming cURL vulnerabilities are discovered, organizations must have a well-practiced incident response…

Oct 03

Love0

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

By OpenSSF Blog, Guest Blog

While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of…

Sep 29

Love0

Announcing sigstore-python 2.0

By OpenSSF Blog

We are delighted to announce the 2.0 release of sigstore-python, a Python client for signing and verifying Sigstore signatures! This release has been in the works for a while and contains…

Sep 28

Love0

OpenSSF Securing Critical Projects Working Group: Identifying and Helping Improve Top Open Source Projects

By OpenSSF Blog

The Securing Critical Projects WG aims to solve the problem of insecure (and often unknown) critical projects. First, we focus on helping identify which projects are critical, which will allow…

Sep 27

Love0

Threat Modeling the Supply Chain for Software Consumers

By OpenSSF Blog

From a software consumer perspective, how do we know where to start to address the real supply chain threats? Which risks are more critical than others? What framework or standard…

Sep 18

Love0

OpenSSF Alpha-Omega ISRG Prossimo Rustls Rust for Linux

Advancing Rustls and Rust for Linux with OpenSSF Support

By OpenSSF Blog, Guest Blog

Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This…

Sep 18

Love1

OpenSSF Welcomes New Members in Support of Securing Open Source Software

By OpenSSF Blog, Press Release

We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins.…

Sep 15

Love0

Join us for an OpenSSF Tech Talk on SLSA

By OpenSSF Blog

Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive…

Sep 14

Love0

What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy

By OpenSSF Blog

The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues.

OpenSSF introduces the Specification Security Insights 1.0

HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

Announcing sigstore-python 2.0

OpenSSF Securing Critical Projects Working Group: Identifying and Helping Improve Top Open Source Projects

Threat Modeling the Supply Chain for Software Consumers

Advancing Rustls and Rust for Linux with OpenSSF Support

OpenSSF Welcomes New Members in Support of Securing Open Source Software

Join us for an OpenSSF Tech Talk on SLSA

What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox