Skip to main content

šŸ“© Stay Updated! Follow us on LinkedIn and join our mailing list for the latest news!

OpenSSF Software Security Awareness Survey

May 17, 2023 | OpenSSF

In Blog

We Want to Hear from You: Take the OpenSSF Software Security Awareness Survey

OpenSSF, in collaboration with Linux Foundation Research, recently launched a new survey to better understand OpenSSF Software Security Awareness. Please take the survey today to share your feedback about our initiatives and how we can improve. We want to hear from you! Read more.

May 10, 2023 | OpenSSF

OpenSSF Welcomes New Members, Veteran Cybersecurity Expert as General Manager, and New Funding

The Open Source Security Foundation (OpenSSF) welcomes four new members from leading technology firms: Hitachi, Lockheed Martin, Salesforce, and SAP. The OpenSSF also welcomes new General Manager, Omkhar Arasaratnam, veteran cybersecurity and technical risk management executive. Plus Microsoft and Google commit $5 million in continued funding for Alpha-Omega. Read more.
Open Source Summit North America 2023

May 4, 2023 | jbly

In Blog

Sessions You Wonā€™t Want to Miss at Open Source Summit and OpenSSF Day NA

Open Source Summit North America in Vancouver, Canada is only one week away! Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate and further open source innovation, ensuring a sustainable open source ecosystem. During Open Source Summit, we will also be hosting… Read more.

May 3, 2023 | OpenSSF

How I Got Involved with the OpenSSF

Letā€™s get it out of the way early: itā€™s not always clear how you can best plug into organizations like OpenSSF. Thatā€™s why Iā€™m writing this guest blog post as an ā€œoutsider.ā€ Iā€™m just your average tech employee who has become progressively more involved since my company, Sonatype, became members… Read more.
OpenSSF OSV Schema

May 2, 2023 | jbly

In Blog

Getting to know the Open Source Vulnerability (OSV) format

To keep the modern technological world of open source software safe, it is critical to efficiently and accurately communicate information about open source vulnerabilities. The OSV Schema, created through the collaboration between OpenSSF members and housed within the Vulnerability Disclosures Working Group, provides a minimal, easy-to-use first class JSON format… Read more.
OSS Meetup Tokyo Japan

Apr 26, 2023 | OpenSSF

In Blog

Join Us at the OSS Security Meetup in Tokyo, Japan

We are very excited to announce that our second OSS Security Meetup in Japan will be held at Cybozu Tokyo Office on June 2nd in Tokyo, hosted by Open Source Security Foundation (OpenSSF) Members. Read more.
OpenSSF TAC and SCIR 2023

Apr 26, 2023 | jbly

In Blog

OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative

We are excited to announce the composition of 2023 Technical Advisory Council (TAC) and Security Community Individual Representative (SCIR) on the Governing Board of the OpenSSF. The 2023 TAC includes elected members: Aeva Black from Microsoft, Bob Callaway from Google, Dan Lorenc from Chainguard, Dustin Ingram from Google and appointed… Read more.
OpenSSF SLSA 1.0 Release

Apr 19, 2023 | OpenSSF

OpenSSF Announces SLSA Version 1.0 Release

The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. The stable release of the SLSA 1.0 Build Track lowers… Read more.
Distinguish between source and vendor

Apr 17, 2023 | David Wheeler

Distinguish between source and vendor

Itā€™s important to distinguish the term ā€œsourceā€ (any source of a good or service) from the term ā€œvendorā€ (a source who is paid and has a contractual relationship), especially when discussing software. Hereā€™s why. Read more.
Assessing Product Risk Using SBOMs and OpenSSF Scorecard

Apr 14, 2023 | OpenSSF

Assessing Product Risk Using SBOMs and OpenSSF ScorecardĀ 

The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in the SBOM to CVEs. In this blog post, we propose using SBOMs alongside OpenSSF Scorecard to evaluate a product's risk. Read more.