Jan 25, 2023 |
In Blog
10 Sessions Not to Miss at CloudNativeSecurityCon
Next week we’re heading to the first ever standalone CloudNativeSecurityCon North America put on by the Cloud Native Computing Foundation (CNCF) in Seattle, WA that brings together application developers and security experts to propose solutions to security challenges, to explore cutting edge projects, and to discuss advances in modern security… Read more.
Jan 18, 2023 |
In Blog
Spotlight on OpenSSF Board Member: Tracy Ragan, CEO, DeployHub
Join us for a conversation with OpenSSF Board Member, Tracy Ragan. In this new series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.
Dec 29, 2022 |
In Blog
OpenSSF Year in Review
The OpenSSF is a thriving, diverse, nonstop community. Across more than 30 different active software projects and other technical initiatives, we’ve been able to have the kind of reach and impact we need to put a dent in the global software security challenges we all know are only getting more… Read more.
Dec 28, 2022 |
In Blog
Engaging Policy Makers and the Ecosystem on Open Source Software Globally
Throughout 2022, the Linux Foundation and OpenSSF in particular have been at the heart of a number of important conversations concerning the open source software (OSS) community and sustainability of the ecosystem. A large part of our global engagement efforts have been focused on collaborating with leaders in the public… Read more.
Dec 22, 2022 |
In Blog
Takeaways from OpenSSF Day Japan
On December 5th during Open Source Summit Japan, the Open Source Security Foundation (OpenSSF) hosted OpenSSF Day Japan 2022, a half-day event dedicated to exploring ongoing efforts to improve the security of open source software (OSS). Throughout the day, contributors and thought leaders shared their ideas and experiences with OSS… Read more.
Dec 15, 2022 |
In Blog
Avoiding the Next Log4Shell: Learning from the Log4j Event, One Year Later
Log4Shell, a vulnerability in the widely-used open source Java logging library Log4j, was disclosed in December 2021, roughly two months after I took the helm of the Open Source Security Foundation (OpenSSF). As I said back then, open source software (OSS) foundations must work together to prevent the next Log4Shell… Read more.
Dec 14, 2022 |
Alpha-Omega Project First Year In Review, Plus New Funding Pledge
Alpha-Omega is an OpenSSF project, established in February 2022, with a mission to protect society by improving the security of open source software through direct maintainer engagement and expert analysis, trying to build a world where critical open source projects are secure and that security vulnerabilities are found and fixed… Read more.
Dec 8, 2022 |
In Blog
Apples and apples? Comparing Approaches to Measuring Criticality and Risk at the OpenSSF
Presenting a comparative study of the different approaches used to measure criticality and risk by a set of OpenSSF projects. Criticality is the measure of how important a package is across the global software ecosystem based on how many packages depend upon it. By combining criticality with the measure of… Read more.
Dec 4, 2022 |
OpenSSF Membership Exceeds 100 with Many New Members Dedicated to Securing Open Source Software
The Open Source Security Foundation (OpenSSF) announced many new members from leading technology firms in sectors that span software development, cybersecurity, data science, platform as a service, semiconductors, finance, think tanks, academics, and more, bringing the total number of OpenSSF members over one hundred. Read more.
Dec 4, 2022 |
In Blog
Free OpenSSF Developing Secure Software Training Course Now Available in Japanese
The Linux Foundation Training & Certification team, in partnership with the Open Source Software Foundation (OpenSSF), are pleased to announce the launch of one of our most popular training courses translated into Japanese - Developing Secure Software (LFD121). Read more.