

Welcome to the June 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.
We’re looking for proposals in the form of session presentations, panels, keynote sessions, and lightning talks. Submit to speak on any one of the following topics:
The Call for Proposals closes Friday, July 12, at 11:59 PM EDT.
The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on improving the security of open source software, is proud to announce its collaboration with the Eclipse Foundation and a leading open source consortium to work on the European Union’s (E.U.) Cyber Resilience Act (CRA).
There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100 million developers building on GitHub, we want to ensure that developers have the tools needed to help.
At Secure Open Source Software (SOSS) Community Day North America 2024, we held a panel discussion on DEI (Diversity, Equity and Inclusion) at Open Source Security Foundation (OpenSSF). In preparing for this discussion we had a lot of conversations and realized we each had diverse perspectives.
The Open Source Security Foundation (OpenSSF)’s mission is to strengthen the open source software ecosystem through a collaborative initiative across industry. But did you know about the other initiatives focusing on strengthening open source security, happening across the Linux Foundation?
OpenSSF is making waves globally, with our footprint evident in discussions and events across continents. Join us on an “OSS Security Adventure” as we delve into our impactful presence at the SOSS Policy Summit in Brussels, the RSA Conference in San Francisco, and our engaging meetup in Tokyo.
Introducing our new co-host for “What’s in the SOSS?” podcast, Christopher Robinson (CRob). As the Director of Security Communications at Intel Corporation and Chair of OpenSSF’s Technical Advisory Committee, CRob’s 25 years of experience in various sectors will enrich our podcast discussions. The latest episode features his day-to-day activities, podcast vision, and advice for those entering cybersecurity.
Stacklok, founded by Kubernetes co-creator Craig McLuckie and Sigstore creator Luke Hinds, enhances open source software security using Sigstore. By integrating Sigstore into their products, Trusty and Minder, Stacklok helps developers and maintainers secure their software supply chains with tools for artifact signing and verification. This case study highlights Stacklok’s commitment to making open source software safer and their contributions to the OpenSSF community.
In today’s rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. That’s why we’re excited to share that Canonical is now issuing Ubuntu Security Notices (USNs) in the open source OSV format. This collaboration aims to simplify vulnerability management and enhance security for our users.
In this Tech Talk, you will meet the GUAC maintainers as they cover the project and its recent release, roadmap plans, and how you can contribute. Cybersecurity threats are constantly and quickly changing, but GUAC can help you stay ahead.
Check out this blog for a summary of the tech talk highlights and watch experts discuss its benefits & real-world uses. Slides & recording are available.
OpenSSF offers two comprehensive, free courses designed to help software developers improve their skills in secure software development and supply chain security.
Developing Secure Software (LFD121)
This course covers the fundamentals of developing secure software and is available on the Linux Foundation Training & Certification platform. It is entirely online, self-paced, and takes about 14-18 hours to complete. Both the course and the certificate of completion are free. Upon finishing the course and passing the final exam, participants will earn a certificate valid for two years.
Securing Your Software Supply Chain with Sigstore (LFS182)
This course teaches software developers, DevOps engineers, security engineers, and software maintainers how to use Sigstore’s toolkit to enhance software supply chain security. It covers the use of Cosign, Fulcio, and Rekor tools and is available on the Linux Foundation Training & Certification platform. The course is free, online, self-paced, and takes about 8 hours to complete. Familiarity with Linux terminals, command line tools, and intermediate cloud computing and DevOps concepts is recommended.
Get Involved in OpenSSF
You’re invited to…
We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org and see you next month!
Regards,
The OpenSSF Team