Sep 28, 2023 | In Blog
OpenSSF Securing Critical Projects Working Group: Identifying and Helping Improve Top Open Source Projects
The Securing Critical Projects WG aims to solve the problem of insecure (and often unknown) critical projects. First, we focus on helping identify which projects are critical, which will allow discovery of projects that can benefit from additional security focus. We’ve been working on curating a set of identified open…
Sep 27, 2023 | In Blog
Threat Modeling the Supply Chain for Software Consumers
From a software consumer perspective, how do we know where to start to address the real supply chain threats? Which risks are more critical than others? What framework or standard should be adopted quickly? Those were the questions posed in the OpenSSF End Users Working Group where engineers got together…
Sep 18, 2023
Advancing Rustls and Rust for Linux with OpenSSF Support
Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This funding will further Prossimo’s efforts to bring memory safety to critical components of the Internet and further OpenSSF’s Alpha-Omega project’s…
Sep 18, 2023
OpenSSF Welcomes New Members in Support of Securing Open Source Software
We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source…
Sep 15, 2023 | In Blog
Join us for an OpenSSF Tech Talk on SLSA
Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive overview of SLSA and dig into SLSA fundamentals, trust and transparency in software artifacts, SLSA framework levels, the industry impact…
Sep 14, 2023 | In Blog
What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy
The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues.
Sep 14, 2023 | In Blog
OpenSSF Releases Source Code Management Best Practices Guide
We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for SCM platforms, including GitHub…
Sep 13, 2023
OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023
The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among others with industry leaders at the Secure Open Source Software (SOSS) Summit 2023. Participants at the Summit discussed the security…
Sep 12, 2023 | In Blog
CISA’s Open Source Software Security Roadmap
We’re excited about the announcement of the US Cybersecurity and Infrastructure Security Agency (CISA)’s Open Source Software Security Roadmap. The Roadmap, released today, clearly articulates a risk assessment and implementation plan to help secure open source software (OSS) usage in the US Federal Government and private sector.
Sep 11, 2023 | In Blog
Sessions Not to Miss at Open Source Summit and OpenSSF Day Europe
Open Source Summit Europe in Bilbao, Spain is only one week away! Join us as an in-person or virtual attendee for both OpenSSF Day Europe and Open Source Summit Europe. Here are some sessions you won’t want to miss from both events.