Skip to main content
All Posts By

OpenSSF

SOSS Fusion 24 CFP Results

SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program

By Blog

As the Call for Proposals (CFP) for the Secure Open Source Software (SOSS) Fusion Conference wrapped up, we wanted to share some insights about the submissions that highlight how Fusion will be a premier event in open source security. SOSS Fusion brings together the brightest minds in software development and cybersecurity to secure the open source software that we all depend on. With a total of 198 submissions from 143 different organizations (including individual contributors as well as small or medium-sized enterprises, the Program Committee (PC) is currently reviewing proposals to finalize an agenda that promises to be both innovative and engaging.

Breakdown of SOSS Fusion CFP Submissions

Nearly 50% of submissions are focused on Software Development and Open Source Software as well as AI and Security. Nearly 20% of the submissions focused on the topic of OSS Consumption and End Users. 30% of the submissions focused on a variety of topics such as Diversity and Community Development, Public Policy, OSPOs and Security, as well Security Education.

Just over 80% of the talks submitted have never been presented before, indicating that we may be reaching an audience that is not engaged in other conferences. This diversity of content aligns with our goal of fostering fresh ideas and innovative approaches to open source security. Nearly 60% of submissions come from a diversity, equity, and inclusion background and just over 40% of the submissions come from the greater Global community, outside the United States and Canada.

Sponsor SOSS Fusion or a Co-Located Event

We currently have sponsorship opportunities available for organizations that want to show their support for open source security. Whether you are a large enterprise organization or a startup, sponsoring SOSS Fusion will give your organization the key visibility and recognition aligned to a critical topic that affects everyone: the security of our open source ecosystems. Check out the sponsorship prospectus or get in touch with our team today!

Just before SOSS Fusion, we are excited to offer opportunities for co-located events. These events are smaller gatherings that help create a community to discuss important issues. A limited number of spots are available.

Key Dates to Remember

  • CFP Notifications: Tuesday, July 30
  • Schedule Announcement: Wednesday, July 31
  • Presentation Slide Due Date: Friday, October 18
  • Event Dates: Monday, October 21 (Co-Located Events), Tuesday, October 22 – Wednesday, October 23 (Fusion Conference)

The agenda will be confirmed by the PC on July 29, ensuring a well-rounded and comprehensive program that addresses the most pressing issues in open source security.

What to Expect at SOSS Fusion 2024

The SOSS Fusion Conference will host in-depth technical conversations on innovative and industry-leading ways to secure open source software. This collaborative platform will feature a range of session types, including lightning talks, session presentations, panel discussions, and keynote sessions. Attendees can look forward to gaining insights from thought leaders and participating in discussions on various topics, including:

  • OSPO: Security and Open Source Program Offices
  • Maintainer Roles: Securing Open Source Software
  • Dev: Secure Integration in the Software Development Lifecycle
  • What’s Next: Fresh Ideas for Security Research & Innovation
  • Digital Public Goods (DPG): Public Sector Promotion & Adoption
  • Public Policy: Regulations to Improve Open Source Security
  • As We Are: How Diversity Improves Security
  • Education (K-12+): The Future of Secure Open Source Software
  • End Users: Secure Supply Chains
  • Dependencies: Understanding the OSS in Your Stack
  • Towards a Secure Baseline: Ecosystem’s Role in Security
  • AI for Security: Leveraging AI to Secure Open Source Software
  • Security for AI: Starting with Security for Open Source AI

Join Us in Atlanta

SOSS Fusion 2024 will take place in Atlanta, Georgia, and promises to be an event filled with knowledge sharing, networking, and collaboration. Don’t miss the opportunity to be part of this groundbreaking event that is set to shape the future of open source software security.

For more information, including registration details, sponsorship opportunities, and travel arrangements, please visit our SOSS Fusion event page.

OpenSSF July Newsletter

OpenSSF Newsletter – July 2024

By Newsletter

Welcome to the July 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.

An Open Source Approach to Threat Mitigation in AWS

AnOpenSourceApproach

Securing cloud environments is a top priority for organizations today. Leveraging open source tools like Falco, combined with AWS Lambda, provides powerful solutions for monitoring and responding to security threats. Learn how Falco and Falco Talon can automate threat detection and response, ensuring robust cloud security.

Read More

A Deep Dive into SBOMit and Attestations

SBOMit and Attestations

December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF Security Tooling Working Group.

But why are these attestations important for SBOMs and how do they work? 

Read the blog to learn more.

Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks

ImprovingOpenSSFScorecardScores

Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project.

Read more

Chainguard Enhances Security With OSV Advisory Feed

OSV

In today’s rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. To address this, Chainguard is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. This integration aims to simplify vulnerability management and enhance security for users of open source software. 

Read more

Why are Organizations Struggling to Implement Secure Software Development?

Cover_Secure_Software_Development_Education_2024_Survey

The Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and Linux Foundation (LF) Research, examines the secure software development education needs of professionals in this field. 

Read more

Learn How To Develop Secure Software!

Developing_Secure_Software

The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years. 

Read more

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability1

Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We don’t know for certain, but there’s hope that it could. In this article, we’ll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. 

Read more

The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development

StateofEducationReport

Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled “Secure Software Development Education 2024 Survey: Understanding Current Needs.” Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development and underscores the urgent need for formalized industry education and training programs.

Read More

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2

AIxCCChallenge_Part2

In part 1, we discussed the Artificial Intelligence Cyber Challenge (AIxCC), a two-year competition to create AI systems that find software vulnerabilities and develop fixes to them. We also discussed a specific vulnerability in the Linux kernel, called needle, as an example of the kind of vulnerability we’d like such tools to find and fix. In part 1 we discussed how such tools might be able to find vulnerabilities. Now let’s talk a little bit about how they might fix them. Real competitors in AIxCC might do things differently; this article simply helps us understand what they’re trying to do.

Read More

Recognizing Excellence in OSS Community: Golden Egg Award Nominations Are Now Open!

GoldenEggAwardEU

The Open Source Security Foundation (OpenSSF) is thrilled to announce that nominations for the Golden Egg Award are now open! This award honors individuals who have made outstanding contributions to the open source security community. After its successful debut at SOSS Community Day North America, the award is back to recognize more exceptional individuals at SOSS Community Day Europe this September. If you know someone who has demonstrated exceptional dedication and impact in our community, now is the time to nominate them for this esteemed recognition.

Read More

In the News

Meet OpenSSF at These Upcoming Events!

Get Involved in OpenSSF

You’re invited to…

See You Next Month

We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org and see you next month! 

Regards,

The OpenSSF Team