Skip to main content

Feb 27, 2024 | OpenSSF

In Blog

Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community

In Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving force behind innovation. More than just a token of appreciation, the Golden Egg symbolizes gratitude for their selfless dedication to… Read more.

Feb 26, 2024 | OpenSSF

In Blog

SOSS Community Day North America (NA) Agenda Live

We're excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical talks, panels, and a Table Top Exercise (TTX). SOSS Community Day is co-located with Open Source Summit North America in… Read more.

Feb 26, 2024 | OpenSSF

In Blog

OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software

The US Office of the National Cyber Director (ONCD) report Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights into strategies to improve software security. This paper emphasizes the importance of proactive measures in mitigating vulnerabilities by examining pivotal… Read more.

Feb 21, 2024 | OpenSSF

In Blog

Submit to Speak at SOSS Fusion 2024

The Secure Open Source Software (SOSS) Fusion Conference by the OpenSSF is a leading event for open source professionals, uniting diverse experts from software developers to CISOs and tech pioneers. It's not just an event; it's a push toward a more secure digital future. Read more.

Feb 20, 2024 | aliu

In Blog

OpenSSF Responds to US CISA RFI on Cybersecurity Risk and Secure by Design Software

OpenSSF has submitted a response to the Request For Information (RFI) on Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software issued by the US Cybersecurity and Infrastructure Security Agency (CISA). We have provided insightful feedback on making software secure by design, highlighting the critical… Read more.

Feb 16, 2024 | aliu

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

In this blog post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify container images.  Read more.

Feb 16, 2024 | aliu

Alpha-Omega 2023 Annual Report

In 2023, Alpha-Omega provided ten grants to eight organizations totaling over $2.8 million dollars, with an average grant size of just over $350,000. In partnership with OpenSSF, Alpha-Omega's mission is to catalyze sustainable security improvements within the most critical open source projects and ecosystems. As a Directed Fund with three… Read more.

Feb 14, 2024 | OpenSSF

In Blog

Linux Kernel Achieves CVE Numbering Authority Status

The Linux kernel has achieved a significant milestone in open source software security. It has been authorized as a CVE Numbering Authority (CNA) by the CVE Program. Being a CNA enables the Linux kernel team to manage the vulnerabilities with more accuracy and higher quality in the future.  As Linux… Read more.

Feb 13, 2024 | OpenSSF

In Blog

Announcing the First Ever SOSS Fusion Conference: How You Can Get Involved

We are thrilled to announce the first event Secure Open Source Software (SOSS) Fusion Conference 2024, a two-day conference hosted by the OpenSSF in Atlanta, GA. Set to take place on October 22-23, 2024, at The Hotel at Avalon, this event is dedicated to Securing Open Source Software (SOSS). The… Read more.
OpenSSF Participates in U.S. AI Safety Institute Consortium

Feb 12, 2024 | OpenSSF

In AI, Blog

OpenSSF Participates in Department of Commerce Consortium Dedicated to AI Safety

The Open Source Security Foundation (OpenSSF) is participating in the Biden-Harris Administration’s first-ever Consortium Dedicated to AI Safety, led by the US Department of Commerce. We join over 200 leading artificial intelligence (AI) stakeholders in supporting the development and deployment of trustworthy and safe AI along with other Linux Foundation… Read more.