Skip to main content

📣 Submit your proposal: OpenSSF Community Day Korea | Open Source SecurityCon

OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Tokyo_CFP_2023

Aug 28, 2023 | OpenSSF

In Blog

Submit to Speak at OpenSSF Day Japan

We are pleased to announce that OpenSSF Day Japan will be taking place on December 4, 2023 at the Ariake Central Tower Hall & Conference, colocated with Open Source Summit Japan in Tokyo, Japan. Registration is now open, and you are invited to submit your talk to the call for… Read more.

Aug 28, 2023 | OpenSSF

In Blog

OpenSSF Scorecard Launches v4.12 with Support for GitLab

Today, we are excited to announce OpenSSF Scorecard v4.12. This release adds support for GitLab and brings the project closer to its longer-term goal of supporting all types of hosted repositories. Previously, Scorecard has been limited to GitHub-based repositories along with some support for local Git repositories.  Read more.
Security Green Lock Black Background

Aug 25, 2023 | OpenSSF

In Blog

What You Need to Know About the US Federal Government’s RFI on Open Source Software Security

The US Federal Government's recent Request for Information (RFI) on Open Source Software Security (announced by the US White House) is a noteworthy development for open source software (OSS). This RFI originated from the Open-Source Software Security Initiative (OS3I) interagency working group created to improve OSS security. This blog post… Read more.
OpenSSF Open Source Consumption Manifesto

Aug 24, 2023 | OpenSSF

In Blog

Join Us in Adopting the Open Source Consumption Manifesto

By adopting a few common principles, software organizations can achieve real, measurable change in the security and health of their software supply chains. You are invited to adopt the new Open Source Consumption Manifesto (OSCM) developed by the OpenSSF’s End Users Working Group and to sign the Manifesto by adding… Read more.
Rising Threat of Software Supply Chain Attacks

Aug 18, 2023 | OpenSSF

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still allow malicious actors to target your users or their data. Read more.

Aug 9, 2023 | OpenSSF

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity… Read more.
OpenSSF Criticality Score

Jul 28, 2023 | OpenSSF

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

At Open Source Summit North America earlier this year as a 10th grader, Nathan Naveen, gave a talk about OpenSSF Criticality Score. Nathan takes a look at why understanding tools like the Criticality Score is a valuable skill for anyone involved in open source contributions, no matter your age. Read more.
OpenSSF Vulnerability Disclosures Working Group

Jul 27, 2023 | OpenSSF

In Blog

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability disclosure and coordination practices and help share information on vulnerability information. The group is highly involved with the ecosystem and… Read more.
Manage how you protect your assets at scale with SBOMs

Jul 21, 2023 | OpenSSF

Manage how you protect your assets at scale with SBOMs

While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions based on a given SBOM for it to be a useful endeavor. Otherwise, we’re just adding more to the pile… Read more.
OpenSSF Fuzz Introspector

Jul 20, 2023 | OpenSSF

Fuzz Introspector: optimizing fuzzing workflows

Fuzz Introspector is an open source tool that at its core provides insights and suggestions for improvements on how a given project is being fuzzed. In this blog post we present background information and updates on Fuzz Introspector, which is developed in a collaboration between OpenSSF and Google’s OSS-Fuzz. Read more.