August 2, 2022 in Blog

Get Up to Speed with OpenSSF at Next Virtual Town Hall

At the next virtual OpenSSF Town Hall you will get an in-depth tour of several key initiatives and find out how to get involved yourself in the exciting work of…
Read More
July 26, 2022 in Blog

Take Survey to Help Improve Software Supply Chain Integrity Practices

A new survey by Chainguard in collaboration with the Eclipse Foundation, the Rust Foundation and OpenSSF aims to understand the software supply chain integrity practices of a broad range of…
Read More
July 22, 2022 in Blog

Join Us at the First OpenSSF Open Source Security Meetup in India

I’m very excited to present at the first ever Open Source Security Foundation (OpenSSF) meetup in India, next Thursday, July 28 in Bangalore, hosted by OpenSSF Premier Member, Wipro. Companies and…
Read More
July 20, 2022 in Blog

OpenSSF Supports Movements toward Multi-Factor Authentication

By: The OpenSSF Technical Advisory Council. On July 8th, 2022, the Python Package Index (PyPI) announced a security key giveaway for maintainers of critical projects, where “critical” is a label…
Read More
July 19, 2022 in Blog

OpenSSF Day Videos Now Available from Open Source Summit North America

The first ever OpenSSF Day at the Open Source Summit North America (OSS NA) was a big success. On June 20th, we gathered in Austin, Texas and online to understand…
Read More
July 18, 2022 in Blog

Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed

We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be…
Read More
June 22, 2022 in Blog

Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore

To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain…
Read More
June 21, 2022 in Blog

State of Open Source Security 2022 from Snyk & the Linux Foundation

Snyk has teamed up with the Linux Foundation to research and report on security concerns in the open source ecosystem. The 2022 State of Open Source Security report shows that…
Read More
June 20, 2022 in Blog

New Untold Stories of Open Source Podcast Features OpenSSF’s Brian Behlendorf on his Journey to Securing the FOSS Software Supply Chain

The Linux Foundation released a new podcast series, “The Untold Stories of Open Source.” Join us each week as we meet the people behind the code, discover their often unconventional…
Read More
June 20, 2022 in Blog

OpenSSF Makes Secure Software Development Training Available on Organizations’ Learning Management Systems

The free "Developing Secure Software" (LFD121) online training course is now available through SCORM Connect, so that organizations with their own SCORM-compliant Learning Management Systems (LMSs) can integrate the course…
Read More
June 20, 2022 in Blog

OpenSSF Funds Python and Eclipse Foundations and Acquires through Alpha-Omega Project

As part of the OpenSSF’s continued investment in critical open-source projects, we are pleased to announce that the OpenSSF’s Alpha-Omega Project has committed to $800,000 in funding split equally among…
Read More
June 9, 2022 in Blog

Introducing Fuzz Introspector, an OpenSSF Tool to Improve Fuzzing Coverage

We are excited to announce an initial release of Fuzz Introspector, a collaborative effort from OpenSSF members, that provides actionable insights for developers to identify fuzzing coverage blockers by analyzing…
Read More
May 11, 2022 in Blog

Testimony to the US House Committee on Science and Technology

We’re pleased to share that Brian Behlendorf, OpenSSF General Manager, testified to the United States House of Representatives Committee on Science, Space, and Technology today. Brian's testimony shares the work…
Read More
April 28, 2022 in Blog

Introducing Package Analysis: Scanning open source packages for malicious behavior

By Caleb Brown and David A. Wheeler, on behalf of Securing Critical Projects Working Group Today we're pleased to announce the initial prototype version of the Package Analysis project, an…
Read More
April 19, 2022 in Blog

Your Favorite Software Repositories, Now Working Together

Authors: Dustin Ingram (Google), Jacques Chester (Shopify) A software repository is a critical component of any open source ecosystem: it provides a trusted central channel to publish, store and distribute…
Read More
April 18, 2022 in Blog

OpenSSF Selects Node.js as Initial Project to Improve Supply Chain Security

Authors: Brian Behlendorf, OpenSSF, and Robin Bender Ginn, OpenJS Foundation Today, we’re excited to announce that Node.js is the first open source community to be supported by OpenSSF's Alpha-Omega Project.…
Read More
March 30, 2022 in Blog

Free Developing Secure Software Training Course From OpenSSF Now Available

Log4Shell, SolarWinds Compromise, Heartbleed – cybersecurity breaches have become household names in recent years. These issues are costing organizations billions of dollars in prevention and remediation costs, yet at the…
Read More
March 17, 2022 in Blog

Open Source is Global, So OpenSSF Must Be Too

There was once a time when we marveled at the global nature of the open source user and contributor community, when it was a thrill to get a question or…
Read More
February 2, 2022 in Blog

OpenSSF Webinar: Introduction to Project Alpha-Omega

We've scheduled a webinar on February 16, 2022 at 10:00 AM US/Pacific time for anyone who wants to learn more about Project Alpha-Omega and registration is now open! Hear from…
Read More
January 19, 2022 in Blog

Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4

Authors: Best Practices Working Group, Laurent Simon (Google), Azeem Shaikh (Google), and Jose Palafox (GitHub) Today, two members of the Open Source Security Foundation, Google and GitHub, are partnering to…
Read More
January 13, 2022 in Blog

The OpenSSF and the Linux Foundation Address Software Supply Chain Security Challenges at White House Summit

Today marks an important moment in the Linux Foundation’s history of engagement with public sector organizations. The White House convened an important cross-section of the Open Source developer and commercial…
Read More
December 16, 2021 in Blog

Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble

As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is…
Read More
December 10, 2021 in Blog

Securing Critical Open Source Projects with Multifactor Authentication

The Open Source Security Foundation (OpenSSF) Developer Best Practices Working Group has undertaken a project to improve the overall security and integrity of critical open source software projects and their…
Read More
November 15, 2021 in Blog

November Town Hall Recording

On behalf of the OpenSSF community and staff, thank you to everyone who joined our quarterly town hall meeting today. If you weren't able to attend the live presentation, check…
Read More
October 25, 2021 in Blog

OpenSSF Quarterly Town Hall Announcement – UPDATED

The OpenSSF community is excited to chat more in-depth about several exciting project updates and recent announcements! We hope you'll join us for our next community Town Hall, to be…
Read More
October 13, 2021 in Blog

The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains

Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide rely on the lines of code that you wrote. You…
Read More
September 27, 2021 in Blog

Announcing the OpenSSF Vulnerability Disclosure WG guide to disclosure for OSS projects

Authors: Anne Bertucio, Christopher Robinson, David Wheeler, OpenSSF Vulnerability Disclosure WG members. Vulnerability disclosure is the process of reporting, remediating, and communicating the details of a discovered vulnerability. This…
Read More
August 11, 2021 in Blog

Introducing the Allstar GitHub App

Authors: Mike Maraya, Jeff Mendoza We’re excited to announce Allstar, a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. With Allstar, owners can check…
Read More
July 28, 2021 in Blog

July 2021 Update – New members and new resources for Best Practices and Vulnerability Disclosures underway

The Open Source Security Foundation (OpenSSF) community is working diligently to improve the security of the open source ecosystem. This is no small mission, so we are excited to share…
Read More
May 14, 2021 in Blog

How LF communities enable security measures required by the US Executive Order on Cybersecurity

Our communities take security seriously and have been instrumental in creating the tools and standards that every organization needs to comply with the recent US Executive Order. Overview: The US…
Read More
May 5, 2021 in Blog

Introducing the Security Reviews Initiative

Author: Michael Scovetta, on behalf of the Identifying Security Threats Working Group In addition to the Security Metrics initiative, the OpenSSF is proud to announce the Security Reviews initiative. Security…
Read More
May 4, 2021 in Blog

May 2021 Update: OpenSSF Unveils New Security Initiative

The Open Source Security Foundation (OpenSSF) community is working diligently to improve the security of the open source ecosystem. This is no small mission, so we are excited to share…
Read More
May 3, 2021 in Blog

Introducing the Security Metrics Initiative

Author: Michael Scovetta, on behalf of the Identifying Security Threats Working Group The OpenSSF would like to announce the initial release of the Security Metrics initiative. The primary objective of…
Read More
April 14, 2021 in Blog

Upcoming OpenSSF Town Hall on May 3, 2021

The OpenSSF community has been working diligently to improve the security of the open source ecosystem. We would like to share all of the great work that is happening and…
Read More
February 3, 2021 in Blog

Upcoming OpenSSF Town Hall on February 22

The OpenSSF community has been working fast and furious since its formation last year to improve the security of the open-source ecosystem. We all know this is no small mission…
Read More
January 28, 2021 in Blog

January 2021 Update: New Technical Vision Informs Working Group Progress

The OpenSSF community has been working fast and furious since its formation last year to improve the security of the open source ecosystem. We all know this is no small…
Read More
January 27, 2021 in Blog

Digital Identity Attestation Roundup

Author: Kim Lewandowski, on behalf of the Digital Identity Attestation Working Group We kicked off the first Digital Identity Attestation Working Group meeting under the OpenSSF in August, 2020. The…
Read More
December 9, 2020 in Blog

Introducing the OpenSSF CVE Benchmark

Author: Bas van Schaik. Today, at Black Hat Europe, the Open Source Security Foundation (OpenSSF) unveiled its latest initiative: the OpenSSF CVE Benchmark. The benchmark consists of vulnerable code and metadata…
Read More
November 23, 2020 in Blog

OpenSSF Town Hall Recording: Now Available!

The video recording of the Open Source Security Foundation (OpenSSF) “Public Town Hall” meeting of November 9, 2020 is now available! This meeting shares updates and celebrates accomplishments during the…
Read More
November 6, 2020 in Blog

Security Scorecards for Open Source Projects

Author: Kim Lewandowski, Google Product Manager One of the first things I wanted to do when the OpenSSF launched was help people make better decisions about security when consuming open…
Read More
October 29, 2020 in Blog

Announcing: Secure Software Development EdX course, Sign Up Today!

The Open Source Security Foundation (OpenSSF) has developed a trio of free courses on how to develop secure software. These courses are part of the Secure Software Development Fundamentals Professional…
Read More
October 21, 2020 in Blog

OpenSSF Public Town Hall – November 9 2020, 10am Pacific

Please join us for the first-ever OpenSSF Town Hall Meeting on November 9, 2020 from 10 AM to 12 PM Pacific Time (US and Canada). In this meeting, we will…
Read More
October 7, 2020 in Blog

OpenSSF seeks Security Community Individual Representative for Governing Board

The Open Source Security Foundation (OpenSSF) is accepting nominations for the Security Community Individual Representative seat on our Governing Board. The nomination period is open until October 23 2020, after…
Read More