Skip to main content
OSS Meetup Tokyo Japan

Apr 26, 2023 | OpenSSF

In Blog

Join Us at the OSS Security Meetup in Tokyo, Japan

We are very excited to announce that our second OSS Security Meetup in Japan will be held at Cybozu Tokyo Office on June 2nd in Tokyo, hosted by Open Source Security Foundation (OpenSSF) Members. Read more.
OpenSSF TAC and SCIR 2023

Apr 26, 2023 | Jennifer Bly

In Blog

OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative

We are excited to announce the composition of 2023 Technical Advisory Council (TAC) and Security Community Individual Representative (SCIR) on the Governing Board of the OpenSSF. The 2023 TAC includes elected members: Aeva Black from Microsoft, Bob Callaway from Google, Dan Lorenc from Chainguard, Dustin Ingram from Google and appointed… Read more.
OpenSSF SLSA 1.0 Release

Apr 19, 2023 | OpenSSF

OpenSSF Announces SLSA Version 1.0 Release

The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. The stable release of the SLSA 1.0 Build Track lowers… Read more.
Distinguish between source and vendor

Apr 17, 2023 | David Wheeler

In Blog

Distinguish between source and vendor

It’s important to distinguish the term “source” (any source of a good or service) from the term “vendor” (a source who is paid and has a contractual relationship), especially when discussing software. Here’s why. Read more.
Assessing Product Risk Using SBOMs and OpenSSF Scorecard

Apr 14, 2023 | OpenSSF

In Blog

Assessing Product Risk Using SBOMs and OpenSSF Scorecard 

The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in the SBOM to CVEs. In this blog post, we propose using SBOMs alongside OpenSSF Scorecard to evaluate a product's risk. Read more.
OpenSSF Board Member Spotlight - Brian Fox, Sonatype

Apr 12, 2023 | Jennifer Bly

In Blog

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

Join us for a conversation with OpenSSF Board Member, Brian Fox. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.
SBOMs So Far So Good So What

Apr 6, 2023 | OpenSSF

In Blog

SBOMs, So Far, So Good, So What?

We’ve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data, but we are simply not using the data to drive our supply chain decisions. Requiring SBOM generation alone is not… Read more.
OpenSSF Best Practices Working Group

Apr 5, 2023 | OpenSSF

In Blog

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

The goal of the Best Practices Working Group is to provide open source developers with recommendations on best practices around development and security. This working group focuses on providing developers with guidance and tools in order with an easy way to learn and apply them and has been part of… Read more.
Taking the pulse of leading software repositories’ security

Apr 4, 2023 | OpenSSF

In Blog

Taking the Pulse of Leading Software Repositories’ Security

Each software repository faces a challenging task to protect producers and consumers of open-source software. They must defend against a variety of threats, juggling a complex menu of options to harden their systems and procedures against attackers. The OpenSSF Securing Software Repository Working Group (SSR WG) last year surveyed the… Read more.
Clarifying Sigstore Terms of Use

Mar 30, 2023 | OpenSSF

Clarifying Sigstore Terms of Use

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always taken is on open source code as a starting point for truly great outcomes that improve the technologies we -… Read more.