Skip to main content

July 2021 Update – New members and new resources for Best Practices and Vulnerability Disclosures underway

By July 28, 2021Blog

The Open Source Security Foundation (OpenSSF) community is working diligently to improve the security of the open source ecosystem. This is no small mission, so we are excited to share all of the work that is happening. In case you missed our recent Town Hall meeting, the resources can be found here

New members

First off, we’re excited to announce 10 new members have joined the OpenSSF. The commitments from companies industry-wide demonstrate the priority to secure the open source software that runs our business and our lives. Our newest members join at least 35 other companies and include Accurics, Anchore, Bloomberg Finance, Cisco Systems, Codethink, Cybertrust Japan, OpenUK, ShiftLeft, Sontaype and Tidelift. 

Working Group Progress

Our working groups are where the work gets done, and contributors from across the industry have made important progress in recent months. 

Vulnerability Disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication. Its latest work includes: 

  • OSS Vulnerability Disclosure good practices whitepaper, targeting September to publish.
  • Setting up a call with the CVE Board to hear about the changes to the program and provide them feedback from our perspective
  • Ongoing talks with CERT-CC about their open sourcing their VINCE vulnerability coordination tool

Best Practices

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers. Its latest work includes:

About the OpenSSF

The OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. It combines the Linux Foundation’s Core Infrastructure Initiative (CII), founded in response to the 2014 Heartbleed bug, and the Open Source Security Coalition, founded by the GitHub Security Lab to build a community to support open source security for decades to come. 

For more information and to learn how to get involved, including information about participating in working groups and advisory forums, please visit