OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

OpenSSF supports oss-security and linux-distros mailing lists

Nov 14, 2023 | OpenSSF

In Blog

OpenSSF Supports oss-security and (linux-)distros Mailing Lists

As a part of the OpenSSF's mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community's infrastructure for communication. The oss-security and (linux)-distros mailing lists, which are operated by Openwall,… Read more.
How to Use Open Source to Help Comply with SCM Best Practices

Nov 9, 2023 | OpenSSF

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading security community members under the OpenSSF umbrella. The SCM Best Practices guide provides a comprehensive set of recommendations for securing SCM… Read more.
OpenSSF ONCD RFI OSS Security Response

Nov 8, 2023 | OpenSSF

In Blog

OpenSSF Responds to US Federal Government RFI on Open Source Software Security

The OpenSSF has submitted a response to the Request For Information (RFI) on open source software (OSS) security and memory safe programming languages from the US White House Office of the National Cyber Director (ONCD) and its partners in the Open-Source Software Security Initiative (OS3I). We have thoroughly reviewed the… Read more.

Nov 6, 2023 | OpenSSF

Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2

Alpha-Omega is pleased to announce a grant to the Homebrew project to enable Sigstore attestations and verification of Homebrew packages. When complete, the project will allow organizations to securely verify the provenance of the toolchains on their workstations and in their build environments. This is a critical part of securing… Read more.
Industry Joint Statement on Article 45 in the EU eIDAS Regulation

Nov 2, 2023 | OpenSSF

In Blog

OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

The organizations that build and secure the Internet are concerned about proposed EU regulations that aim to mandate that all Web browsers recognize a new form of certificate for the purposes of authenticating websites. To support Mozilla’s position on eIDAS regulation and the organization’s multi-year effort to avert a potential… Read more.
Linux Foundation ISC2 OpenSSF Collaboration

Nov 2, 2023 | OpenSSF

Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development

Linux Foundation Training & Certification, ISC2, and Open Source Security Foundation (OpenSSF) today announced a new collaboration to empower the open source cybersecurity community through secure software development, knowledge sharing, education, certification and much more. Together, the three organizations will lead the way to secure software development and lifecycle management… Read more.
Safe, Secure, & Trustworthy AI Executive Order

Nov 1, 2023 | OpenSSF

In AI, Blog

US White House Executive Order on Safe, Secure, and Trustworthy AI

The Biden-Harris Administration issued a landmark Executive Order on developing Artificial Intelligence (AI), harnessing the power of AI responsibly, and managing the risks of AI. Executive Order 14110 directs actions for new standards on AI safety, security, privacy protection, equity and civil rights advancement, consumer and worker protection, and more. Read more.
750 million websites out of date

Nov 1, 2023 | OpenSSF

OpenJS Foundation Warns Consumer Privacy and Security at Risk in Three-Quarters of a Billion Websites

Global web infrastructure is in a precarious position based on new research by the OpenJS Foundation thanks to an OpenSSF grant. The OpenJS Foundation is announcing the results of an end-user audit based on an IDC survey that shows three-quarters of a billion websites are running out of date software, with most… Read more.
OpenSSF Identifying Security Threats WG

Oct 31, 2023 | OpenSSF

In Blog

OpenSSF Identifying Security Threats Working Group: Evaluating the Health of Open Source Projects

This month's spotlight is on the OpenSSF Identifying Security Threats Working Group, which recently released the first version of the Security Insights Specification. This Working Group is dedicated to equipping the community with tools and documents for assessing the health of open source projects using metrics and other supporting evidence. Read more.
Safeguarding Your Data

Oct 30, 2023 | OpenSSF

Safeguarding Your Data – How to Harden Your Systems

In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As data has become critical, it is also more at risk from theft or attacks like ransomware. According to IBM, the… Read more.