Skip to main content

May 17, 2024 | OpenSSF

Where Does Your Software (Really) Come From?

Software is a funny, profound thing: Each piece of it is an invisible machine, seemingly made of magic words, designed to run on the ultimate, universal machine. It’s not alive, but it has a lifecycle. It starts out as source code—just text files sitting in a repository somewhere—and then later… Read more.

May 16, 2024 | OpenSSF

In Blog

Join Our Upcoming OpenSSF Tech Talk: Proactive Supply Chain Security with GUAC

Join our upcoming Tech Talk, "Proactive Supply Chain Security with GUAC," on June 6, 2024, at 10 AM PT/1 PM ET, as we discuss proactive vulnerability management and software supply chain security. Read more.

May 14, 2024 | OpenSSF

In Blog

Call for Proposals: Submit to Speak at SOSS Community Day Europe

Join us in Vienna, Austria, for the Secure Open Source Software (SOSS) Community Day Europe 2024, an enriching gathering where members from across the security and open source ecosystem converge to exchange ideas and advancements. Formerly known as OpenSSF Days, SOSS Community Days reflect our broader commitment to fortifying the… Read more.

May 13, 2024 | OpenSSF

In Blog

Unlock the Keys to Improved Software Security

This post summarizes key steps that software developers can take to improve software security. It is a text version of a talk given at Open Source Summit North America (OSS NA) 2024. Read more.

May 8, 2024 | OpenSSF

DruBOM: An SBOM for Drupal

DruBOM is a Software Bill of Materials (SBOM) for Drupal. It is a list of all the dependencies of a Drupal project, including the Drupal core, modules, themes, and libraries. Read more.

May 2, 2024 | OpenSSF

In Blog

Recap of SOSS Community Day North America 2024

On April 15, 2024, Secure Open Source Software (SOSS) Community Day North America (NA) brought together the open source community in Seattle to delve into discussions surrounding the challenges, overarching solutions, ongoing initiatives, and triumphs in fortifying the open source software (OSS) supply chain. Alongside dedicated SOSS contributors and thought… Read more.
Keynote Speaker Announced

May 1, 2024 | OpenSSF

OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024

OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024 Register by Aug. 9 for special early bird giveaways! Get access to interactive workshops, in-depth discussions and valuable sessions about securing open source software Read more.

Apr 24, 2024 | OpenSSF

Spotlight on the OpenSSF AI/ML Working Group

By Mihai Maruseac and Jay White What do open source software, security and AI/ML have in common? The intersection of these topics is what the OpenSSF AI/ML Working Group tackles. Almost a year ago, a group of people at the confluence of security and AI/ML came together under the OpenSSF… Read more.

Apr 22, 2024 | OpenSSF

In Blog

Join Us at the OSS Security Meetup in Tokyo, Japan With General Manager Omkhar + SOSS Community Day North America Event Report

We are excited to announce that the members of the Open Source Security Foundation (OpenSSF), A cross-industry initiative that brings together the industry’s most important open source security initiatives and the individuals and companies that support them, will hold the Meetup on Monday, May 13th at Cybertrust Japan having OpenSSF… Read more.
Beyond Scores with OpenSSF Scorecard

Apr 17, 2024 | OpenSSF

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

OpenSSF Scorecard is a tool to help open source projects reduce software supply-chain risks. Scorecard analyzes projects against a series of heuristics and generates scores from 0–10 for the project — 0 meaning that the project employs high-risk practices and 10 meaning that the project follows security best practices. Read more.