Sep 8, 2023 |
In Blog
Behind the Scenes of the Alpha-Omega Summer Mentorship Program
The Alpha Omega Summer Mentorship Program recently wrapped up and was a resounding success. The program connected senior software security engineers with newcomers to open source, software development, and security research. Entry-level contributors had the opportunity to help accelerate Omega's mission under the guidance of experienced mentors. Get a behind-the-scenes… Read more.
Sep 7, 2023 |
VDR, VEX, OpenVEX and CSAF
Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing practices such as VDR, CSAF, and emerging standards VEX and OpenVEX are playing a key role. Read more.
Sep 6, 2023 |
Strengthening Open Source Software: Best Practices for Enhanced Security
Securing the open source ecosystem isn't a passive act. It calls for proactive participation through regular code reviews, vulnerability assessments, or simply staying updated with the latest security protocols. Every user, every developer, and every enthusiast has a role to play. Read more.
Aug 31, 2023 |
In Blog
Introducing RSTUF, Repository Service for TUF
We’re thrilled to announce that RSTUF, Repository Service for TUF, has joined the OpenSSF as an OpenSSF Sandbox Project. This is a major step forward in ensuring we can improve secure content distribution. RSTUF helps address a major challenge: securing software repositories, particularly ensuring the integrity of software updates, is… Read more.
Aug 30, 2023 |
In Blog
OpenSSF Securing Software Repositories Working Group: Repositories, Registries, and Tools
The OpenSSF Securing Software Repositories Working Group focuses on the maintainers of software repositories, software registries, and the tools that rely on them. By repositories, we include all platforms where software is developed, including GitHub and other platforms. By registries, we include platforms such as package registries and other ways… Read more.
Aug 28, 2023 |
In Blog
Submit to Speak at OpenSSF Day Japan
We are pleased to announce that OpenSSF Day Japan will be taking place on December 4, 2023 at the Ariake Central Tower Hall & Conference, colocated with Open Source Summit Japan in Tokyo, Japan. Registration is now open, and you are invited to submit your talk to the call for… Read more.
Aug 28, 2023 |
In Blog
OpenSSF Scorecard Launches v4.12 with Support for GitLab
Today, we are excited to announce OpenSSF Scorecard v4.12. This release adds support for GitLab and brings the project closer to its longer-term goal of supporting all types of hosted repositories. Previously, Scorecard has been limited to GitHub-based repositories along with some support for local Git repositories. Read more.
Aug 25, 2023 |
In Blog
What You Need to Know About the US Federal Government’s RFI on Open Source Software Security
The US Federal Government's recent Request for Information (RFI) on Open Source Software Security (announced by the US White House) is a noteworthy development for open source software (OSS). This RFI originated from the Open-Source Software Security Initiative (OS3I) interagency working group created to improve OSS security. This blog post… Read more.
Aug 24, 2023 |
In Blog
Join Us in Adopting the Open Source Consumption Manifesto
By adopting a few common principles, software organizations can achieve real, measurable change in the security and health of their software supply chains. You are invited to adopt the new Open Source Consumption Manifesto (OSCM) developed by the OpenSSF’s End Users Working Group and to sign the Manifesto by adding… Read more.
Aug 18, 2023 |
The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects
If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still allow malicious actors to target your users or their data. Read more.