Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Aug 27, 2024 |
Innovative Supply Chain Security for Enterprise Cloud Platform Service
This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC. Read more.
Aug 19, 2024 |
In Blog
A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It
Software security has continued to grow in importance. The Linux Foundation has undertaken various initiatives around open source software security, such as the Open Source Security Foundation (OpenSSF)—–a full list of initiatives is available on LF Security. Read more.
Aug 15, 2024 |
In Blog
GUAC v0.8.0 Released
GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements. Read more.
Aug 14, 2024 |
In Blog
Announcing SigstoreCon: Supply Chain Day!
Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13. Read more.
Aug 12, 2024 |
In Blog
Mitigating Attack Vectors in GitHub Workflows
GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they… Read more.
Aug 8, 2024 |
In Blog
Call for Proposals: SOSS Community Day Japan 2024
We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open. Read more.
Aug 8, 2024 |
In Blog
What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability
In July, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good" symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is… Read more.
Aug 6, 2024 |
In Blog
OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF
In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well… Read more.
Aug 5, 2024 |
New Guide for Package Repositories to Adopt Trusted Publishers
By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named “Trusted Publishers” which utilizes the OpenID Connect standard (OIDC) to authenticate with a… Read more.
Jul 31, 2024 |
Neo Malware: Malicious Open Source Packages
Malware is at the top of the list among things that keep security and development organizations on edge. Read more.