Skip to main content
Becoming a CVE Numbering Authority

Nov 27, 2023 | OpenSSF

In Blog

OpenSSF introduces guide to becoming a CVE Numbering Authority as an Open Source project

The Open Source Security Foundation (OpenSSF) is excited to announce a new guide for Open Source projects that are interested in issuing and managing their own CVE IDs through the CVE Numbering Authority (CNA) program. The guide is available on GitHub and will be kept up-to-date with changes to CNA… Read more.
OpenSSF Sigstore Simplifying Code Signing for Open Source Ecosystems

Nov 21, 2023 | OpenSSF

Sigstore: Simplifying Code Signing for Open Source Ecosystems

This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts as they are distributed between consumers and producers. By ensuring that the origin of the software can be reliably traced… Read more.
OpenSSF Mission Vision Values Strategy

Nov 20, 2023 | OpenSSF

In Blog

OpenSSF publishes Mission, Vision, Values, and Strategy

The open source software (OSS) community is ever-changing, and the security of OSS rapidly evolves in parallel. This requires OpenSSF to regularly re-evaluate our focus and approach to intentionally improve OSS security.  Today the Open Source Security Foundation (OpenSSF) releases an updated Mission, Vision, Values and Strategy (MVS) for the… Read more.
SBOM Consumption

Nov 17, 2023 | OpenSSF

In Blog

Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers

In an era where cyber threats continue to evolve, securing the software supply chain has become paramount for organizations globally. Recognizing the critical need for a robust framework, the US National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and… Read more.
OpenSSF Guest Blog Editorial Review Panel

Nov 16, 2023 | OpenSSF

In Blog

OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community

Open source software (OSS) has grown exponentially in its adoption and usage in recent years, making its security a top priority. The Open Source Security Foundation (OpenSSF) recognizes the need to foster a community that shares knowledge, insights, and best practices to fortify OSS. With this in mind, we're pleased… Read more.
OpenSSF Alpha Omega Rust Foundation

Nov 15, 2023 | OpenSSF

Alpha-Omega to Continue Support of Rust Foundation Security Initiative in 2024

Today, Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative.  We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path… Read more.
OpenSSF supports oss-security and linux-distros mailing lists

Nov 14, 2023 | OpenSSF

In Blog

OpenSSF Supports oss-security and (linux-)distros Mailing Lists

As a part of the OpenSSF's mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community's infrastructure for communication.  The oss-security and (linux)-distros mailing lists, which are operated by Openwall,… Read more.
How to Use Open Source to Help Comply with SCM Best Practices

Nov 9, 2023 | OpenSSF

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading security community members under the OpenSSF umbrella. The SCM Best Practices guide provides a comprehensive set of recommendations for securing SCM… Read more.
OpenSSF ONCD RFI OSS Security Response

Nov 8, 2023 | OpenSSF

In Blog

OpenSSF Responds to US Federal Government RFI on Open Source Software Security

The OpenSSF has submitted a response to the Request For Information (RFI) on open source software (OSS) security and memory safe programming languages from the US White House Office of the National Cyber Director (ONCD) and its partners in the Open-Source Software Security Initiative (OS3I). We have thoroughly reviewed the… Read more.

Nov 6, 2023 | OpenSSF

Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2

Alpha-Omega is pleased to announce a grant to the Homebrew project to enable Sigstore attestations and verification of Homebrew packages. When complete the project will allow organizations to securely verify the provenance of the toolchains on their workstations and in their build environments. This is a critical part of securing… Read more.