OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Apr 10, 2024 | OpenSSF

Join us for a TTX: Securing OSS & Empowering Maintainers

At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a time of calm helps identify action items that are important to prepare in advance for when real attacks occur. A… Read more.

Apr 4, 2024 | OpenSSF

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to supply chain risk management, writes Charlie Jones of ReversingLabs. Read more.

Mar 30, 2024 | OpenSSF

xz Backdoor CVE-2024-3094

CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to DEB or RPM packages for the x86-64 architecture built with gcc and the gnu linker. Situations like this remind us… Read more.

Mar 29, 2024 | OpenSSF

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

The OpenSSF was pleased to be one of the sponsors that helped contribute to the inaugural 2024 VulnCon conference that brought together experts from across industry, government, security researchers, and community members throughout 3 days and nearly 40 sessions. Brought together by the FIRST PSIRT SIG and the CVE Board. Christopher… Read more.

Mar 25, 2024 | OpenSSF

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your… Read more.

Mar 22, 2024 | OpenSSF

Empowering Women in Tech: An Interview on Angela Jeffrey’s Journey to Cybersecurity

Interviewer: Omkhar Arasaratnam. Read more.

Mar 21, 2024 | OpenSSF

OpenSSF Scorecard Tech Talk Highlights

Last week the community convened for the first OpenSSF Tech Talk of the year, shining a spotlight on OpenSSF Scorecard. OpenSSF Scorecard aids developers and open source consumers in assessing how well an open source project adheres to best practices. It evaluates projects for security risks using a series of… Read more.

Mar 20, 2024 | OpenSSF

Driving Change Together: The OpenSSF Takes On VulnCon

The CVE and FIRST VulnCon 2024 and Annual CNA Summit is set to take place in Raleigh, North Carolina, next week! The OpenSSF is delighted to support this initiative and our cross-industry goals to sustainably make open source software safer. Read more.

Mar 20, 2024 | OpenSSF

Sigstore Graduates: A Monumental Step Towards Secure Software Supply Chains

Supply chain security took a giant leap forward this month as Sigstore officially became a graduated project within the Open Source Security Foundation (OpenSSF). This milestone is a testament to Sigstore's maturity, adoption, and its undeniable impact on making the creation and distribution of software more trustworthy. Read more.

Mar 19, 2024 | OpenSSF

Join OpenSSF for our First Tabletop Exercise (TTX) at SOSS Community Day North America

We're excited to announce that the agenda for the Tabletop Exercise (TTX) at Secure Open Source Software (SOSS) Community Day NA, which will take place on April 15, 2024 in Seattle, WA, is now live. Read more.