🎙️ Submit your talk for: OpenSSF Community Day Europe by July 12

OpenSSF

OpenSSF Welcomes New Members in Support of Securing Open Source Software

We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source communities in maintaining a healthy,…

Join us for an OpenSSF Tech Talk on SLSA

Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive overview of SLSA and dig into SLSA fundamentals, trust and transparency in software artifacts, SLSA framework levels, the industry impact of SLSA, and more. You…

OpenSSF Releases Source Code Management Best Practices Guide

We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for SCM platforms, including GitHub and GitLab.

OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023

The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among others with industry leaders at the Secure Open Source Software (SOSS) Summit 2023. Participants at the Summit discussed the security challenges for the consumption of…

CISA’s Open Source Software Security Roadmap

We’re excited about the announcement of the US Cybersecurity and Infrastructure Security Agency (CISA)’s Open Source Software Security Roadmap. The Roadmap, released today, clearly articulates a risk assessment and implementation plan to help secure open source software (OSS) usage in the US Federal Government and private sector.

Behind the Scenes of the Alpha-Omega Summer Mentorship Program

The Alpha Omega Summer Mentorship Program recently wrapped up and was a resounding success. The program connected senior software security engineers with newcomers to open source, software development, and security research. Entry-level contributors had the opportunity to help accelerate Omega's mission under the guidance of experienced mentors. Get a behind-the-scenes look at how the program…

VDR, VEX, OpenVEX and CSAF

Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing practices such as VDR, CSAF, and emerging standards VEX and OpenVEX are playing a key role.

Introducing RSTUF, Repository Service for TUF

We’re thrilled to announce that RSTUF, Repository Service for TUF, has joined the OpenSSF as an OpenSSF Sandbox Project. This is a major step forward in ensuring we can improve secure content distribution. RSTUF helps address a major challenge: securing software repositories, particularly ensuring the integrity of software updates, is crucial to protect against supply…