Apr 19, 2022 | OpenSSF

In Blog

Your Favorite Software Repositories, Now Working Together

Authors: Dustin Ingram (Google), Jacques Chester (Shopify)

A software repository is a critical component of any open source ecosystem: it provides a trusted central channel to publish, store and distribute open-source third-party software to all consumers. Package indexes and package managers exist for almost every software ecosystem, and share many… Read more.

Apr 18, 2022 | amartin

OpenSSF Selects Node.js as Initial Project to Improve Supply Chain Security

Authors: Brian Behlendorf, OpenSSF, and Robin Bender Ginn, OpenJS Foundation

Today, we’re excited to announce that Node.js is the first open source community to be supported by OpenSSF's Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with… Read more.

Mar 30, 2022 | OpenSSF

In Blog

Free Developing Secure Software Training Course From OpenSSF Now Available

Log4Shell, SolarWinds Compromise, Heartbleed – cybersecurity breaches have become household names in recent years. These issues are costing organizations billions of dollars in prevention and remediation costs, yet at the same time they are becoming ever more common. Reacting to breaches after the fact is useful, but not enough; such… Read more.

Mar 17, 2022 | amartin

In Blog

Open Source is Global, So OpenSSF Must Be Too

There was once a time when we marveled at the global nature of the open source user and contributor community, when it was a thrill to get a question or patch from an address ending in .nz or .jp or .cl, or to hear about your software running at the… Read more.

Feb 2, 2022 | OpenSSF

OpenSSF Webinar: Introduction to Project Alpha-Omega

We've scheduled a webinar on February 16, 2022 at 10:00 AM US/Pacific time for anyone who wants to learn more about Project Alpha-Omega and registration is now open! Hear from Brian Behlendorf (OpenSSF GM), David A. Wheeler (OpenSSF Director of Security), and Alpha-Omega project leaders Michael Scovetta (Microsoft) and Michael… Read more.

Jan 19, 2022 | OpenSSF

In Blog

Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4

Authors: Best Practices Working Group, Laurent Simon (Google), Azeem Shaikh (Google), and Jose Palafox (GitHub)

Today, two members of the Open Source Security Foundation, Google and GitHub, are partnering to release Scorecards V4, featuring a new GitHub Action, an added security check, and scaled up scans of the open source… Read more.

Jan 13, 2022 | OpenSSF

In Blog

The OpenSSF and the Linux Foundation Address Software Supply Chain Security Challenges at White House Summit

Today marks an important moment in the Linux Foundation’s history of engagement with public sector organizations. The White House convened an important cross-section of the Open Source developer and commercial ecosystem along with leaders and experts of many U.S. federal agencies to identify the challenges present in the open source… Read more.

Dec 16, 2021 | amartin

In Blog

Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble

As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is a humbling reminder of just how far we still have to go. OSS is now central to the functioning of… Read more.

Dec 10, 2021 | OpenSSF

In Blog

Securing Critical Open Source Projects with Multifactor Authentication

The Open Source Security Foundation (OpenSSF) Developer Best Practices Working Group has undertaken a project to improve the overall security and integrity of critical open source software projects and their supply chains. Dubbed “The Great MFA Distribution Project”, the group is putting hardware multi-factor authentication (MFA) tokens into the hands… Read more.

Nov 15, 2021 | amartin

In Blog

November Town Hall Recording

On behalf of the OpenSSF community and staff, thank you to everyone who joined our quarterly town hall meeting today. If you weren't able to attend the live presentation, check out the recording below and let us know if you have any questions or want to get more involved with… Read more.