OpenSSF

Mar 04

This Week at OpenSSF – Feb 26

By OpenSSF Newsletter

Community Updates

SOSS Task Force – Trusted Repository Security Initiative (TRSI-TF)

Advocating for Transparent and Secure Practices

Embrace Transparency and Security: Advocate for open, secure practices to foster a trusted, innovative environment.
Champion Trusted Communities: Join a proactive network using the “Scorecard” to elevate security in package ecosystems.
Innovate with the DNS System: Help forge a layered trust system, enhancing security across repositories.
Vet Beyond the Norm: Be part of a vanguard validating security beyond DNS, setting the highest standards.

To join, simply fill out this Doodle Poll to show your interest!

Open Source Security Integration and Enhancement Task Force (OSSIE-TF)

Fortifying the Backbone of Software Supply Chains

Unite for Security Standards: Help craft universal security protocols and guidelines to protect package managers and users against prevalent threats.
Collaborate for a Safer Ecosystem: Work alongside diverse package managers and dedicated working groups to exchange vital threat intelligence, strengthening our collective defense.
Specialize in Threat Modeling: Take on the challenge of differentiating between malicious threats and vulnerabilities within top repositories. Your insights will safeguard platforms like NPM, PyPI, Gradle, Maven, and more.
Together, let’s build a secure and resilient software infrastructure.

To join, simply fill out this Doodle Poll to show your interest!

End User Group – OpenSSF End User Working Group

Driving OpenSSF Mission for Better Security

Mission: Ensure the End User’s distinct and impactful voice is heard in the development and delivery of the technical vision of the Open Source Security Foundation.
Objectives:
- Represents the interests of public and private sector organizations that primarily consume open source.
- Ensures the use cases for end user consumption of Open Source software are factored into OSSF programs.
- Provides resources to develop and implement efficient strategies, processes, tools, and best practices that secure software supply chains.
- Aims to educate other consumers on the risks associated with supply chain security.
OpenSSF Community Calendar Events:
- End User WG meeting on Thursday @ 9 am CST every 2 weeks
- End User WG -Refining Architecture and Threat Modelling meeting every Monday @ 11.30 am CST every week.

Communication Channels
- Slack
- Github issues
Work & Progress:
- Ingestion Manifesto blog
- Threat Modeling blog
- Putting together a detailed threat modeling document

Please join our team and work with us to identify threats, provide guidance on ingestion of open source software from an end user’s perspective. Let us together raise awareness of these issues and provide detailed guidance on how to mitigate threats with the Open Source supply chain to make it secure.

Reach out to operations@openssf.org if interested to participate and join our End User WG group.

Submit to Speak at SOSS Fusion 2024

CFP Open

The Secure Open Source Software (SOSS) Fusion Conference by the OpenSSF is a leading event for open source professionals, uniting diverse experts from software developers to CISOs and tech pioneers. It’s not just an event; it’s a push toward a more secure digital future. Read more.

OpenSSF Responds to US CISA RFI on Cybersecurity Risk and Secure by Design Software

Cybersecurity Risk and Secure by Design Software

OpenSSF has submitted a response to the Request For Information (RFI) on Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software issued by the US Cybersecurity and Infrastructure Security Agency (CISA). Read more.

In the Headlines

Omkhar’s comments on Apple’s new PQ3 post-quantum encryption for iMessage appeared in TechTarget and Tech Briefly.
The Alpha-Omega annual report was covered in SD Times, Inside Dev and The CyberWire.

Don’t Forget…

Mar 04

Come to First OpenSSF Tech Talk of the Year on Scorecard

By OpenSSF Blog

Join our first Tech Talk of 2024, where organizations will discuss the importance of adopting OpenSSF Scorecard. OpenSSF Scorecard helps open source maintainers improve their security best practices and helps…

Mar 04

OpenSSF, Linux Foundation Training & Certification, and CNCF Announce Scholarships to Support Women in Jordan Entering the Cybersecurity Field in Collaboration with US White House National Security Council

By OpenSSF Blog, Press Release

AMMAN, JORDAN, March 4, 2024 – Open Source Security Foundation (OpenSSF), Linux Foundation Training and Certification (LF T&C), and Cloud Native Computing Foundation (CNCF) are thrilled to announce an initiative in celebration of Women’s History Month. In collaboration with the US White House National Security Council (NSC), we are proud to support the women of Jordan by launching a pilot program offering 250 free security courses and certifications, including specialized certifications in Kubernetes and Cloud Native Security.

This initiative is a testament to our commitment to diversity, equity, and inclusion in the technology and cybersecurity fields. By providing complementary security certifications, we aim to break down barriers and create opportunities for women in Jordan, fostering a more inclusive and diverse workforce. As cybersecurity continues to experience challenges in finding enough skilled workers, this program will help build capacity in the workforce.

The pilot program is sponsored by OpenSSF and LF T&C, organizations dedicated to advancing open source software security and providing high-quality training and certification programs.

“Today’s announcement creates exciting opportunities for Jordan women to learn critical skills to enter the cybersecurity workforce and contribute to Jordan’s national security,” said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. “We applaud OpenSSF and the Linux Foundation for investing in women by granting these scholarships, which will strengthen our collective cybersecurity.”

“It is an honor to provide these scholarships to the women of Jordan in recognition of International Women’s Day and this year’s theme, ‘Inspire Inclusion,'” said Clyde Seepersad, SVP, General Manager, Training & Certification at Linux Foundation. “Supporting the careers of all women and increasing the supply of skilled cybersecurity professionals are both of vital, global interest.”

Omkhar Arasaratnam, General Manager of OpenSSF, added, “OpenSSF is a proud supporter of cybersecurity capacity building in diverse communities. Our Diversity Equity and Inclusion (DEI) work group and Education Special Interest Group (SIG) have made great progress toward these goals. We’re proud to collaborate on this initiative. We believe that providing opportunities for women in cybersecurity is not just the right thing to do; it is essential for building workforce capacity and the diversity of thought required to address tomorrow’s cybersecurity challenges.”

# # #

Media Contacts:

Jennifer Bly

OpenSSF

jbly@linuxfoundation.org

J Scott Punk

Linux Foundation Training & Certification

jspunk@linuxfoundation.org

Samantha L. Reposa

National Security Council

Samantha.L.Reposa@nsc.eop.gov

About the OpenSSF:

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at openssf.org.

About the Linux Foundation:

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenSSF, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

About the National Security Council (NSC):

The National Security Council (NSC) is the President’s principal forum for considering national security and foreign policy matters with his or her senior advisors and cabinet officials. Since its inception under President Truman, the Council’s function has been to advise and assist the President and to coordinate matters of national security among government agencies. For more information, please visit whitehouse.gov/nsc/.

Feb 27

Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community

By OpenSSF Blog

In Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving…

Feb 26

SOSS Community Day North America (NA) Agenda Live

By OpenSSF Blog

We're excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical…

Feb 26

OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software

By OpenSSF Blog

The US Office of the National Cyber Director (ONCD) report Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights…

Feb 21

Submit to Speak at SOSS Fusion 2024

By OpenSSF Blog

Feb 16

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

By OpenSSF Blog, Case Studies, Guest Blog

In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify…

Feb 14

Linux Kernel Achieves CVE Numbering Authority Status

By OpenSSF Blog

The Linux kernel has achieved a significant milestone in open source software security. It has been authorized as a CVE Numbering Authority (CNA) by the CVE Program. Being a CNA…

Feb 13

Announcing the First Ever SOSS Fusion Conference: How You Can Get Involved

By OpenSSF Blog

We are thrilled to announce the first event Secure Open Source Software (SOSS) Fusion Conference 2024, a two-day conference hosted by the OpenSSF in Atlanta, GA. Set to take place…

Come to First OpenSSF Tech Talk of the Year on Scorecard

OpenSSF, Linux Foundation Training & Certification, and CNCF Announce Scholarships to Support Women in Jordan Entering the Cybersecurity Field in Collaboration with US White House National Security Council

About the OpenSSF:

About the Linux Foundation:

About the National Security Council (NSC):

Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community

SOSS Community Day North America (NA) Agenda Live

OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software

Submit to Speak at SOSS Fusion 2024

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

Linux Kernel Achieves CVE Numbering Authority Status

Announcing the First Ever SOSS Fusion Conference: How You Can Get Involved

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

OpenSSF

Community Updates

In the Headlines

Don’t Forget…

About the OpenSSF:

About the Linux Foundation:

About the National Security Council (NSC):

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox