Jun 28, 2024 | OpenSSF

Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks

Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project,…

Jun 26, 2024 | OpenSSF

A Deep Dive into SBOMit and Attestations

December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF…

Jun 21, 2024 | OpenSSF

An Open Source Approach to Threat Mitigation in AWS

The security of cloud environments is a top priority for organisations worldwide. According to research by Omdia, supporting cloud and digital transformation projects is one of the top three priorities for cyber security teams, alongside skills development and protecting against ransomware. From a security perspective, getting the right skills around…

Jun 18, 2024 | OpenSSF

Know Your Regular Expressions: Securing Input Validation Across Languages

The Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG) has just released a short guide, Correctly Using Regular Expressions for Secure Input Validation! Here’s why it’s important.

Jun 18, 2024 | OpenSSF

Open Source Security Foundation Launches “What’s in the SOSS?” Podcast

The Open Source Security Foundation (OpenSSF) has launched a new podcast titled “What’s in the SOSS?” With biweekly episodes, the series explores the world of secure open source software, delivering insights from industry leaders and innovators.

Jun 17, 2024 | OpenSSF

July in NYC: Join Us at the United Nations’ (UN’s) OSPOs for Good 2024 Conference & the “What’s Next for Open Source?” Event

OpenSSF is excited to participate in two major events happening in July in New York City (NYC) that are dedicated to promoting open source as a tool for global cooperation and sustainable development. These events will bring together a diverse group of global open source leaders, policymakers, and innovators.

Jun 14, 2024 | OpenSSF

OpenSSF GUAC Tech Talk Highlights

Last week, the community convened for the OpenSSF Tech Talk, spotlighting GUAC (Graph for Understanding Artifact Composition).

Jun 11, 2024 | OpenSSF

Ubuntu Security Notices Now Available in OSV

In today's rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. That's why we're excited to share that Canonical is now issuing Ubuntu Security Notices (USNs) in the open source OSV format. This collaboration aims to simplify vulnerability management and enhance security for our users.

Jun 4, 2024 | OpenSSF

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open source software more safely.

Jun 3, 2024 | OpenSSF

Final Call: Submit your Technical Initiatives (TI) Funding Request by June 7th, 2024

We are excited to announce that another round of Technical Initiative (TI) funding is coming to a close with the mid-June window mentioned in the blog: How OpenSSF Technical Initiatives Can Receive Strategic Funding.