Skip to main content
Running Sigstore as a Managed Service

Oct 3, 2023 | OpenSSF

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of configuration and also policies and best practices. Read more.
OpenSSF Chief Architect

Oct 2, 2023 | jbly

In Blog

OpenSSF Welcomes New Chief Architect, Dana Wang

The OpenSSF is pleased to welcome new Chief Architect, Dana Wang! Dana Wang is a technology leader with a track record of delivering results and making impacts at enterprise scale. Dana was formerly the Executive Director of Public Cloud Network Security at JPMorgan Chase. She led the public cloud edge… Read more.
sigstore python 2.0

Sep 29, 2023 | OpenSSF

In Blog

Announcing sigstore-python 2.0

We are delighted to announce the 2.0 release of sigstore-python, a Python client for signing and verifying Sigstore signatures! This release has been in the works for a while and contains a number of significant improvements and breaking changes to both the sigstore CLI and Python APIs. Read more.
OpenSSF Securing Critical Projects Working Group

Sep 28, 2023 | OpenSSF

In Blog

OpenSSF Securing Critical Projects Working Group: Identifying and Helping Improve Top Open Source Projects

The Securing Critical Projects WG aims to solve the problem of insecure (and often unknown) critical projects. First, we focus on helping identify which projects are critical, which will allow discovery of projects that can benefit from additional security focus. We’ve been working on curating a set of identified open… Read more.
Threat Modeling the Supply Chain for Software Consumers

Sep 27, 2023 | OpenSSF

In Blog

Threat Modeling the Supply Chain for Software Consumers

From a software consumer perspective, how do we know where to start to address the real supply chain threats? Which risks are more critical than others? What framework or standard should be adopted quickly? Those were the questions posed in the OpenSSF End Users Working Group where engineers got together… Read more.
OpenSSF Alpha-Omega ISRG Prossimo Rustls Rust for Linux

Sep 18, 2023 | OpenSSF

Advancing Rustls and Rust for Linux with OpenSSF Support

Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This funding will further Prossimo’s efforts to bring memory safety to critical components of the Internet and further OpenSSF’s Alpha-Omega project’s… Read more.
OpenSSF New Members September 2023

Sep 18, 2023 | OpenSSF

OpenSSF Welcomes New Members in Support of Securing Open Source Software

We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source… Read more.
SLSA Tech Talk - Oct 5

Sep 15, 2023 | OpenSSF

In Blog

Join us for an OpenSSF Tech Talk on SLSA

Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive overview of SLSA and dig into SLSA fundamentals, trust and transparency in software artifacts, SLSA framework levels, the industry impact… Read more.
LF Vulnerability Reporting

Sep 14, 2023 | OpenSSF

In Blog

What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy

The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues. Read more.
Secure Code Management Best Practices Guide

Sep 14, 2023 | OpenSSF

In Blog

OpenSSF Releases Source Code Management Best Practices Guide

We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for SCM platforms, including GitHub… Read more.