Aug 24, 2023 |
In Blog
Join Us in Adopting the Open Source Consumption Manifesto
By adopting a few common principles, software organizations can achieve real, measurable change in the security and health of their software supply chains. You are invited to adopt the new Open Source Consumption Manifesto (OSCM) developed by the OpenSSF’s End Users Working Group and to sign the Manifesto by adding… Read more.
Aug 18, 2023 |
The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects
If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still allow malicious actors to target your users or their data. Read more.
Aug 9, 2023 |
OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)
The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity… Read more.
Jul 28, 2023 |
Understanding and Applying the OpenSSF Criticality Score in Open Source Projects
At Open Source Summit North America earlier this year as a 10th grader, Nathan Naveen, gave a talk about OpenSSF Criticality Score. Nathan takes a look at why understanding tools like the Criticality Score is a valuable skill for anyone involved in open source contributions, no matter your age. Read more.
Jul 27, 2023 |
In Blog
OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk
The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability disclosure and coordination practices and help share information on vulnerability information. The group is highly involved with the ecosystem and… Read more.
Jul 21, 2023 |
Manage how you protect your assets at scale with SBOMs
While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions based on a given SBOM for it to be a useful endeavor. Otherwise, we’re just adding more to the pile… Read more.
Jul 20, 2023 |
Fuzz Introspector: optimizing fuzzing workflows
Fuzz Introspector is an open source tool that at its core provides insights and suggestions for improvements on how a given project is being fuzzed. In this blog post we present background information and updates on Fuzz Introspector, which is developed in a collaboration between OpenSSF and Google’s OSS-Fuzz. Read more.
Jul 19, 2023 |
In Blog
OpenSSF Day Europe Agenda Now Live
The OpenSSF Day Europe agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on September 18th, colocated with Open Source Summit Europe in Bilbao, Spain. Plan to join us to discuss the latest and greatest in ongoing efforts to secure… Read more.
Jun 30, 2023 |
In Blog
SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers
This month, we present a spotlight on the SBOM Everywhere initiative, housed under the OpenSSF Security Tooling Working Group. The mission of the Security Tooling Working Group is to identify, evaluate, improve, develop & ease deployment of universally-accessible, developer focused tooling to help the open source community secure their code. Read more.
Jun 22, 2023 |
PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega
Through funding by the OpenSSF’s Alpha-Omega Project, the Python Software Foundation (PSF) has hired a new security developer in residence as part of a year-long security enhancement initiative. PSF announced their intention to fill this role back in January, and after a thorough search, they have chosen Seth Michael Larson! Read more.