Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Deprecated: Invalid characters passed for attempted conversion, these have been ignored in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 455
Warning: Undefined variable $tag_slugs in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 547
Warning: Undefined variable $author_id in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 805
Feb 6, 2024 |
In Blog
Time is of the Essence to Mitigate Vulnerabilities like Leaky Vessels
Time is of the essence to mitigate vulnerabilities like the recent Leaky Vessels in order to reduce the chance of the vulnerabilities being exploited by attackers. As noted in Leaky Vessels: Docker and runc container breakout vulnerabilities, “Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four… Read more.
Feb 6, 2024 |
In Blog
Post-Quantum Cryptography Alliance Launch
Today the Linux Foundation announced the launch of the Post-Quantum Cryptography Alliance (PQCA), an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography. The OpenSSF looks forward to closely collaborating with PQCA, so that high-assurance implementations of post-quantum algorithms will be widely adopted along with the… Read more.
Feb 5, 2024 |
In Blog
CVE-2023-6246 Root Access Vulnerability in glibc
The CVE-2023-6246 vulnerability in glibc can allow an attacker to escalate their local unprivileged access to the full root privilege level. CVEs like this highlight the significance of the initiatives that OpenSSF has been championing like Memory Safe Languages, Tools, and Coordinated Vulnerability Disclosure. Read more.
Feb 2, 2024 |
In Blog
OpenSSF Champions a More Secure Future in Collaboration with Public Sector
As the Open Source Security Foundation (OpenSSF), our core mission is to safeguard the open source software (OSS) ecosystem and make it more secure. In 2023, we embraced a significant opportunity to further this mission by working with the US government, including its Open-Source Software Security Initiative (OS3I). Read more.
Jan 31, 2024 |
In Blog
Maintainer Motivations, Challenges, and Best Practices on Open Source Software Security
The Linux Foundation’s recent research report, titled Maintainer Perspectives on Open Source Software Security, provides valuable insights into the views and practices of OSS maintainers and core contributors. Insights were derived from survey data, and the report features a foreword from Cisco’s Stephen Augustus, a maintainer, contributor, and one of open… Read more.
Jan 24, 2024 |
In Blog
OSS Security Sessions & FOSDEM Survival Guide
Are you going to FOSDEM - the biggest open source event in Europe? It can be very overwhelming for anyone new to the event. If you are interested in open source security and policy, there are be some events and talks that you do not want to miss. Here is… Read more.
Jan 18, 2024 |
In Blog
Introducing gittuf: A Security Layer for Git Repositories
We’re pleased to announce that gittuf, a security layer for Git repositories, has joined the OpenSSF as a sandbox project. The project is housed under the Supply Chain Integrity Working Group. Read more.
Jan 11, 2024 |
In Blog
Submit to Speak at SOSS Community Day North America 2024
We are thrilled to announce that the OpenSSF is hosting SOSS Community Day North America 2024, on April 15, 2024 in Seattle, Washington. This is a one day event co-located with Open Source Summit North America dedicated to Securing Open Source Software (SOSS). The call for proposal (CFP) to speak… Read more.
Jan 4, 2024 |
In Blog
OpenSSF Election Results for Technical Advisory Council and Representatives to the Governing Board
We are excited to start 2024 by announcing several key election results. OpenSSF Associate Members and General Members and the Community elected their representatives to the Governing Board and we elected a new and expanded Technical Advisory Council (TAC). Read more.
Dec 21, 2023 |
In Blog
Recap of OpenSSF Day Japan
As 2023 drew to a close, OpenSSF convened the open source community in Tokyo, Japan, to delve into discussions surrounding the challenges, overarching solutions, ongoing initiatives, and triumphs in fortifying the open source software (OSS) supply chain. Alongside dedicated OpenSSF contributors and thought leaders, we embarked on an in-depth exploration… Read more.