Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Deprecated: Invalid characters passed for attempted conversion, these have been ignored in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 455
Warning: Undefined variable $tag_slugs in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 547
Warning: Undefined variable $author_id in /code/wp-content/themes/salient-child/vc-addons/recent-posts-linux.php on line 805
Dec 20, 2023 |
OpenVEX and Open Source Vulnerability Scanners: How the Dynamic Duo Improves Vulnerability Management
Open source vulnerability scanners now increasingly support OpenVEX, helping open source users reduce the pain of managing vulnerabilities and the burden of false positives. These new integrations with OpenVEX can provide rich context on vulnerabilities in a piece of software, ensuring better scanner results such as a reduced false positive… Read more.
Dec 19, 2023 |
In Blog
Deconstructing the AI Cyber Challenge (AIxCC)
The AI Cyber Challenge (AIxCC) is structured around two tracks and multiple competitions and events. For a brief overview of AIxCC, watch the video: AI Cyber Challenge Streaming Event. Check out the announcements and challenge information here. Read more.
Dec 19, 2023 |
In Blog
What’s Next in Open Source Security?
As we step into the year 2024, the OpenSSF envisions a year marked by transformative growth, heightened resilience, and new opportunities for individuals and organizations contributing to the flourishing ecosystem of open source software. While our recently released 2023 Annual Report highlighted some accomplishments of the OpenSSF, for a touch… Read more.
Dec 18, 2023 |
In Blog
2023 Year in Review: OpenSSF Publishes Annual Report
We are a thriving, diverse, nonstop community. We’re pleased to share with you our annual report for this year, which highlights our many accomplishments throughout 2023 and our plans for the future. Read more.
Dec 16, 2023 |
OpenSSF Expands Support for AI Cyber Challenge (AIxCC)
In August 2023, OpenSSF announced our partnership with DARPA, to support the AI Cyber Challenge (AIxCC). We set up a generative AI and autonomy for cybersecurity (GaiaCS) project to support our partnership activities and today, we are excited to announce that OpenSSF has brought on board Will Pearce and Nick… Read more.
Dec 15, 2023 |
In Blog
Strengthening Cybersecurity: NSA and ESF Partners Advocate Open Source Software Security with SBOM Emphasis
In a collective effort to fortify cybersecurity practices and safeguard the software supply chain, the US National Security Agency (NSA), in collaboration with the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners, has released a comprehensive cybersecurity technical report (CTR).… Read more.
Dec 13, 2023 |
In Blog
Introducing SBOMit: Adding Verification to SBOMs
We’re happy to announce the launch of SBOMit – a tool to add in-toto attestations to SBOMs (Software Bills of Material). The SBOMit specification is a SBOM-format independent method for attesting components with additional verification information. Read more.
Dec 12, 2023 |
In Blog
OpenSSF End Users Working Group: Representing the Interests of Open Source Software Consumers
This month’s spotlight focuses on the OpenSSF End Users Working Group, which aims to ensure that the distinct and impactful voice of end users is heard in the development and delivery of the technical vision of The Open Source Security Foundation (OpenSSF). It represents the interests of public and private… Read more.
Dec 11, 2023 |
In Blog
OpenSSF Responds to the CISA RFC on Software Identification Ecosystem Analysis
The OpenSSF has submitted a response to the Software Identification Ecosystem Option Analysis by the US Cybersecurity and Infrastructure Security Agency (CISA). This comes in light of CISA's announcement regarding the publication of the "Software Identification Ecosystem Option Analysis," a white paper delving into options for software identification. Read more.
Dec 5, 2023 |
Finding And Fixing Bugs in Open Source Software at Scale with a Grant from Alpha-Omega
OpenRefactory is working alongside Alpha-Omega's principals to report security vulnerabilities at scale in open source projects. It works with the maintainers to get the vulnerabilities fixed. Read more.