Nov 27, 2024 |
In Blog
Shaping the Future of Generative AI: A Focus on Security
Open Source Security Foundation (OpenSSF), with its focus on securing open source software, plays a pivotal role in establishing best practices for developing secure AI systems. In 2024, the OpenSSF AI/ML Working Group launched a new project focused on model signing. This initiative is developing a proof of concept for model signing… Read more.
Nov 25, 2024 |
In Blog
Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 1
With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) enters into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. The CRA will obligate all products with digital elements, including their… Read more.
Nov 11, 2024 |
In Blog
The OpenSSF Armored Goose “Honk”: Advancing Open Source Security
The Open Source Security Foundation (OpenSSF) logo presents a compelling visual narrative featuring “Honk”, an armored goose holding a shield. This unique and creative mascot perfectly embodies the foundation's mission in open source security. Why the goose? Read more.
Nov 4, 2024 |
In Blog
How We Can Learn from Open Source Software to Address the Challenges of AI
With the development of new artificial intelligence (AI) models and capabilities, attention has been drawn to their potential harms and misuse: from generating deepfakes and disinformation, algorithmic bias, or being used to perpetuate other harms or biases. Read more.
Nov 1, 2024 |
Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format
OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database that hosts and aggregates OSV data. Read more.
Oct 29, 2024 |
OpenSSF Welcomes New Members and Introduces New Initiatives at SOSS Community Day Japan
Growing Member Base and New Initiatives Continue to Advance Open Source Software Security TOKYO, JAPAN – October 30, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from… Read more.
Oct 29, 2024 |
OpenSSF Expands Secure Development Course with Interactive Labs
The Open Source Security Foundation (OpenSSF) today announced an expansion of its free course “Developing Secure Software” (LFD121). The course now features interactive learning scenarios to better equip developers to build software that resists modern cyberattacks. Read more.
Oct 28, 2024 |
OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools
Today, I’m excited to announce that Stacklok is contributing our Minder open source project to the Open Source Security Foundation (OpenSSF). Minder makes it simpler for developers and security teams to adopt a policy-based approach to open source software security; it reduces noise, alerts to risk only when necessary, auto-remediates… Read more.
Oct 25, 2024 |
In Blog
Cybersecurity Awareness Month 2024: Stay Secure, Stay Informed
October is Cybersecurity Awareness Month! Proclaimed since 2004, October is the month dedicated to raising awareness about cybersecurity and taking simple steps to keep individuals and organizations safe. This year, let’s focus on collective action across different sectors. This post explores more about what actions different stakeholders can take in… Read more.
Oct 24, 2024 |
Case Study: Kusari’s Implementation of OpenSSF Tools and Services
Challenge For many years, the software supply chain has suffered from a lack of transparency and inefficient, unsustainable security management methods such as spreadsheets, emails, and word of mouth. The severity of these challenges was highlighted during incidents like Log4Shell, where the limitations of these approaches became evident — organizations… Read more.