OpenSSF Blog
Sep 14, 2023 |
In Blog
What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy
The Linux Foundation introduces our new vulnerability disclosure policy, which clarifies how vulnerability reporters should connect with the Linux Foundation project maintainers who are able to resolve issues. Read more.
Sep 14, 2023 |
In Blog
OpenSSF Releases Source Code Management Best Practices Guide
We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for SCM platforms, including GitHub… Read more.
Sep 13, 2023 |
OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023
The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among others with industry leaders at the Secure Open Source Software (SOSS) Summit 2023. Participants at the Summit discussed the security… Read more.
Sep 12, 2023 |
In Blog
CISA’s Open Source Software Security Roadmap
We’re excited about the announcement of the US Cybersecurity and Infrastructure Security Agency (CISA)’s Open Source Software Security Roadmap. The Roadmap, released today, clearly articulates a risk assessment and implementation plan to help secure open source software (OSS) usage in the US Federal Government and private sector. Read more.
Sep 11, 2023 |
In Blog
Sessions Not to Miss at Open Source Summit and OpenSSF Day Europe
Open Source Summit Europe in Bilbao, Spain is only one week away! Join us as an in-person or virtual attendee for both OpenSSF Day Europe and Open Source Summit Europe. Here are some sessions you won’t want to miss from both events. Read more.
Sep 8, 2023 |
In Blog
Behind the Scenes of the Alpha-Omega Summer Mentorship Program
The Alpha Omega Summer Mentorship Program recently wrapped up and was a resounding success. The program connected senior software security engineers with newcomers to open source, software development, and security research. Entry-level contributors had the opportunity to help accelerate Omega's mission under the guidance of experienced mentors. Get a behind-the-scenes… Read more.
Sep 7, 2023 |
VDR, VEX, OpenVEX and CSAF
Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing practices such as VDR, CSAF, and emerging standards VEX and OpenVEX are playing a key role. Read more.
Sep 6, 2023 |
Strengthening Open Source Software: Best Practices for Enhanced Security
Securing the open source ecosystem isn't a passive act. It calls for proactive participation through regular code reviews, vulnerability assessments, or simply staying updated with the latest security protocols. Every user, every developer, and every enthusiast has a role to play. Read more.
Aug 31, 2023 |
In Blog
Introducing RSTUF, Repository Service for TUF
We’re thrilled to announce that RSTUF, Repository Service for TUF, has joined the OpenSSF as an OpenSSF Sandbox Project. This is a major step forward in ensuring we can improve secure content distribution. RSTUF helps address a major challenge: securing software repositories, particularly ensuring the integrity of software updates, is… Read more.
Aug 30, 2023 |
In Blog
OpenSSF Securing Software Repositories Working Group: Repositories, Registries, and Tools
The OpenSSF Securing Software Repositories Working Group focuses on the maintainers of software repositories, software registries, and the tools that rely on them. By repositories, we include all platforms where software is developed, including GitHub and other platforms. By registries, we include platforms such as package registries and other ways… Read more.