Open Source Software Security

Dec 28, 2022 | OpenSSF

In Blog

Engaging Policy Makers and the Ecosystem on Open Source Software Globally

Throughout 2022, the Linux Foundation, and OpenSSF in particular, have been at the heart of a number of important conversations concerning the open source software (OSS) community and the sustainability of the ecosystem. A large part of our global engagement efforts has been focused on collaborating with leaders in the public… Read more.
OpenSSF Day Japan December 5

Dec 22, 2022 | OpenSSF

In Blog

Takeaways from OpenSSF Day Japan

On December 5th during Open Source Summit Japan, the Open Source Security Foundation (OpenSSF) hosted OpenSSF Day Japan 2022, a half-day event dedicated to exploring ongoing efforts to improve the security of open source software (OSS). Throughout the day, contributors and thought leaders shared their ideas and experiences with OSS… Read more.
Log4Shell Retrospective

Dec 15, 2022 | amartin

In Blog

Avoiding the Next Log4Shell: Learning from the Log4j Event, One Year Later

Log4Shell, a vulnerability in the widely-used open source Java logging library Log4j, was disclosed in December 2021, roughly two months after I took the helm of the Open Source Security Foundation (OpenSSF). As I said back then, open source software (OSS) foundations must work together to prevent the next Log4Shell… Read more.
Alpha-Omega First Year in Review

Dec 14, 2022 | OpenSSF

Alpha-Omega Project First Year In Review, Plus New Funding Pledge

Alpha-Omega is an OpenSSF project, established in February 2022, with a mission to protect society by improving the security of open source software through direct maintainer engagement and expert analysis, trying to build a world where critical open source projects are secure and that security vulnerabilities are found and fixed… Read more.
Comparing Approaches to Measuring Criticality and Risk at the OpenSSF

Dec 8, 2022 | OpenSSF

In Blog

Apples and apples? Comparing Approaches to Measuring Criticality and Risk at the OpenSSF

Presenting a comparative study of the different approaches used to measure criticality and risk by a set of OpenSSF projects. Criticality is the measure of how important a package is across the global software ecosystem based on how many packages depend upon it. By combining criticality with the measure of… Read more.
OpenSSF - Welcome New Members - Q4 2022

Dec 4, 2022 | OpenSSF

OpenSSF Membership Exceeds 100 with Many New Members Dedicated to Securing Open Source Software

The Open Source Security Foundation (OpenSSF) announced many new members from leading technology firms in sectors that span software development, cybersecurity, data science, platform as a service, semiconductors, finance, think tanks, academics, and more, bringing the total number of OpenSSF members over one hundred. Read more.
Developing Secure Software Training Course Japanese Enroll Today

Dec 4, 2022 | OpenSSF

In Blog

Free OpenSSF Developing Secure Software Training Course Now Available in Japanese

The Linux Foundation Training & Certification team, in partnership with the Open Source Software Foundation (OpenSSF), is pleased to announce the launch of one of our most popular training courses translated into Japanese - Developing Secure Software (LFD121). Read more.
OpenSSF Day Japan

Dec 1, 2022 | jbly

In Blog

Join Us For OpenSSF Day at Open Source Summit Japan

After two successful OpenSSF Days this year at Open Source Summit North America and Europe, we’re excited for our third and final OpenSSF Day of 2022 at Open Source Summit Japan on Monday, December 5th in Yokohama and online. Read more.

Nov 22, 2022 | jbly

In Blog

Contributor Q&A with Christopher “CRob” Robinson, Director of Security Communications, Intel Corporation

Meet Christopher "CRob" Robinson, Director of Security Communications, Intel Corporation: Working Group (WG) & Special Interest Group (SIG) facilitator, Technical Advisory Council (TAC) member, Committee member (Governance, Public Policy), Project(s) individual contributor, and Goose-hat wearer. Read more.
OpenSSF S2C2F

Nov 16, 2022 | OpenSSF

In Blog

OpenSSF Expands Supply Chain Integrity Efforts with S2C2F

A robust strategy around securing how developers consume and manage open source software (OSS) dependencies when building software is essential. The Secure Supply Chain Consumption Framework (S2C2F) is a consumption-focused/consumer-focused framework that uses a threat-based, risk-reduction approach to mitigate real world threats in Open Source Software (OSS). Today, we are… Read more.