Skip to main content

Jun 20, 2022 | amartin

OpenSSF Funds Python and Eclipse Foundations and Acquires SOS.dev through Alpha-Omega Project

As part of the OpenSSF’s continued investment in critical open-source projects, we are pleased to announce that the OpenSSF’s Alpha-Omega Project has committed to $800,000 in funding split equally among the Python Software Foundation (PSF) and the Eclipse Foundation to fund critical security roles. We are also happy to announce… Read more.

Jun 9, 2022 | OpenSSF

In Blog

Introducing Fuzz Introspector, an OpenSSF Tool to Improve Fuzzing Coverage

We are excited to announce an initial release of Fuzz Introspector, a collaborative effort from OpenSSF members, that provides actionable insights for developers to identify fuzzing coverage blockers by analyzing functions, static call graphs, and runtime coverage information. Resolving these blockers will help unlock improved fuzzing coverage, resulting in more… Read more.

May 11, 2022 | OpenSSF

In Blog

Testimony to the US House Committee on Science and Technology

We’re pleased to share that Brian Behlendorf, OpenSSF General Manager, testified to the United States House of Representatives Committee on Science, Space, and Technology today. Brian's testimony shares the work being done within the Open Source Security Foundation and broader open source software community to improve security and trustworthiness of… Read more.

Apr 28, 2022 | OpenSSF

In Blog

Introducing Package Analysis: Scanning open source packages for malicious behavior

By Caleb Brown and David A. Wheeler, on behalf of Securing Critical Projects Working Group Today we're pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis,… Read more.

Apr 19, 2022 | OpenSSF

In Blog

Your Favorite Software Repositories, Now Working Together

Authors: Dustin Ingram (Google), Jacques Chester (Shopify) A software repository is a critical component of any open source ecosystem: it provides a trusted central channel to publish, store and distribute open-source third-party software to all consumers. Package indexes and package managers exist for almost every software ecosystem, and share many… Read more.

Apr 18, 2022 | amartin

OpenSSF Selects Node.js as Initial Project to Improve Supply Chain Security

Authors: Brian Behlendorf, OpenSSF, and Robin Bender Ginn, OpenJS Foundation Today, we’re excited to announce that Node.js is the first open source community to be supported by OpenSSF's Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with… Read more.

Mar 30, 2022 | OpenSSF

In Blog

Free Developing Secure Software Training Course From OpenSSF Now Available

Log4Shell, SolarWinds Compromise, Heartbleed – cybersecurity breaches have become household names in recent years. These issues are costing organizations billions of dollars in prevention and remediation costs, yet at the same time they are becoming ever more common. Reacting to breaches after the fact is useful, but not enough; such… Read more.

Mar 17, 2022 | amartin

In Blog

Open Source is Global, So OpenSSF Must Be Too

There was once a time when we marveled at the global nature of the open source user and contributor community, when it was a thrill to get a question or patch from an address ending in .nz or .jp or .cl., or to hear about your software running at the… Read more.

Feb 2, 2022 | OpenSSF

OpenSSF Webinar: Introduction to Project Alpha-Omega

We've scheduled a webinar on February 16, 2022 at 10:00 AM US/Pacific time for anyone who wants to learn more about Project Alpha-Omega and registration is now open! Hear from Brian Behlendorf (OpenSSF GM), David A. Wheeler (OpenSSF Director of Security), and Alpha-Omega project leaders Michael Scovetta (Microsoft) and Michael… Read more.

Jan 19, 2022 | OpenSSF

In Blog

Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4

Authors: Best Practices Working Group, Laurent Simon (Google), Azeem Shaikh (Google), and Jose Palafox (GitHub) Today, two members of the Open Source Security Foundation, Google and GitHub, are partnering to release Scorecards V4, featuring a new GitHub Action, an added security check, and scaled up scans of the open source… Read more.