Are you an OpenSSF contributor with insights on open source security? Write a guest post for our blog and share your expertise with the community!
OpenSSF Blog
May 4, 2023 |
In Blog
Sessions You Wonāt Want to Miss at Open Source Summit and OpenSSF Day NA
Open Source Summit North America in Vancouver, Canada is only one week away! Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate and further open source innovation, ensuring a sustainable open source ecosystem. During Open Source Summit, we will also be hosting… Read more.
May 3, 2023 |
How I Got Involved with the OpenSSF
Letās get it out of the way early: itās not always clear how you can best plug into organizations like OpenSSF. Thatās why Iām writing this guest blog post as an āoutsider.ā Iām just your average tech employee who has become progressively more involved since my company, Sonatype, became members… Read more.
May 2, 2023 |
In Blog
Getting to know the Open Source Vulnerability (OSV) format
To keep the modern technological world of open source software safe, it is critical to efficiently and accurately communicate information about open source vulnerabilities. The OSV Schema, created through the collaboration between OpenSSF members and housed within the Vulnerability Disclosures Working Group, provides a minimal, easy-to-use first class JSON format… Read more.
Apr 26, 2023 |
In Blog
Join Us at the OSS Security Meetup in Tokyo, Japan
We are very excited to announce that our second OSS Security Meetup in Japan will be held at Cybozu Tokyo Office on June 2nd in Tokyo, hosted by Open Source Security Foundation (OpenSSF) Members. Read more.
Apr 26, 2023 |
In Blog
OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative
We are excited to announce the composition of 2023 Technical Advisory Council (TAC) and Security Community Individual Representative (SCIR) on the Governing Board of the OpenSSF. The 2023 TAC includes elected members: Aeva Black from Microsoft, Bob Callaway from Google, Dan Lorenc from Chainguard, Dustin Ingram from Google and appointed… Read more.
Apr 19, 2023 |
OpenSSF Announces SLSA Version 1.0 Release
The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. The stable release of the SLSA 1.0 Build Track lowers… Read more.
Apr 17, 2023 |
Distinguish between source and vendor
Itās important to distinguish the term āsourceā (any source of a good or service) from the term āvendorā (a source who is paid and has a contractual relationship), especially when discussing software. Hereās why. Read more.
Apr 14, 2023 |
Assessing Product Risk Using SBOMs and OpenSSF ScorecardĀ
The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in the SBOM to CVEs. In this blog post, we propose using SBOMs alongside OpenSSF Scorecard to evaluate a product's risk. Read more.
Apr 12, 2023 |
In Blog
Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype
Join us for a conversation with OpenSSF Board Member, Brian Fox. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.
Apr 6, 2023 |
SBOMs, So Far, So Good, So What?
Weāve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data, but we are simply not using the data to drive our supply chain decisions. Requiring SBOM generation alone is not… Read more.