Skip to main content

Aug 2, 2022 | jbly

In Blog

Get Up to Speed with OpenSSF at Next Virtual Town Hall

At the next virtual OpenSSF Town Hall you will get an in-depth tour of several key initiatives and find out how to get involved yourself in the exciting work of the OpenSSF. Read more.
Software Supply Chain Security Survey Header

Jul 26, 2022 | OpenSSF

In Blog

Take Survey to Help Improve Software Supply Chain Integrity Practices

A new survey by Chainguard in collaboration with the Eclipse Foundation, the Rust Foundation and OpenSSF aims to understand the software supply chain integrity practices of a broad range of software professionals. The goal of this survey is to learn more about how software professionals use and view key software… Read more.
OpenSSF Meetup in India July 28

Jul 22, 2022 | OpenSSF

In Blog

Join Us at the First OpenSSF Open Source Security Meetup in India

I’m very excited to present at the first ever Open Source Security Foundation (OpenSSF) meetup in India, next Thursday, July 28 in Bangalore, hosted by OpenSSF Premier Member, Wipro. Companies and governments are increasingly recognizing the need to prioritize their software supply chains and the role open source software (OSS) plays… Read more.
OpenSSF Logo Banner

Jul 20, 2022 | OpenSSF

In Blog

OpenSSF Supports Movements toward Multi-Factor Authentication

By: The OpenSSF Technical Advisory Council  On July 8th, 2022, the Python Package Index (PyPI) announced a security key giveaway for maintainers of critical projects, where “critical” is a label given to the top 1% of packages on PyPI by download count during the prior six months. The giveaway included… Read more.
Photo Collage from OpenSSF Day at Open Source Summit NA

Jul 19, 2022 | jbly

In Blog

OpenSSF Day Videos Now Available from Open Source Summit North America

The first ever OpenSSF Day at the Open Source Summit North America (OSS NA) was a big success. On June 20th, we gathered in Austin, Texas and online to understand how to solve some of the biggest security challenges in the open source industry, steps being taken, and what’s next.  Read more.
Security Audit Results for sigstore and slf4j

Jul 18, 2022 | OpenSSF

Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed

We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a project’s implementation and processes to counter… Read more.
Securing Your Software Supply Chain with Sigstore Course

Jun 22, 2022 | David Wheeler

Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore

To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain with Sigstore (LFS182x), designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers,… Read more.
State of Open Source Report

Jun 21, 2022 | OpenSSF

In Blog

State of Open Source Security 2022 from Snyk & the Linux Foundation

Snyk has teamed up with the Linux Foundation to research and report on security concerns in the open source ecosystem. The 2022 State of Open Source Security report shows that many organizations still don’t have good policies and governance around open source security in spite of the popularity of open… Read more.
brian behlendorf episode untold stories of open source podcast

Jun 20, 2022 | jbly

In Blog

New Untold Stories of Open Source Podcast Features OpenSSF’s Brian Behlendorf on his Journey to Securing the FOSS Software Supply Chain

The Linux Foundation released a new podcast series, “The Untold Stories of Open Source.” Join us each week as we meet the people behind the code, discover their often unconventional journey to the world of open source, and learn the challenges they faced along the way. Read more.

Jun 20, 2022 | David Wheeler

In Blog

OpenSSF Makes Secure Software Development Training Available on Organizations’ Learning Management Systems

The free "Developing Secure Software" (LFD121) online training course is now available through SCORM Connect, so that organizations with their own SCORM-compliant Learning Management Systems (LMSs) can integrate the course into their own LMSs. Making this training that is available for free through Linux Foundation Training & Certification also accessible… Read more.