Dec 1, 2022 |
In Blog
Join Us For OpenSSF Day at Open Source Summit Japan
After two successful OpenSSF Days this year at Open Source Summit North America and Europe, we’re excited for our third and final OpenSSF Day of 2022 at Open Source Summit Japan on Monday, December 5th in Yokohama and online. Read more.
Nov 22, 2022 |
In Blog
Contributor Q&A with Christopher “CRob” Robinson, Director of Security Communications, Intel Corporation
Meet Christopher "CRob" Robinson, Director of Security Communications, Intel Corporation. Working Group (WG) & Special Interest Group (SIG) facilitator, Technical Advisory Council (TAC) member, Committee member (Governance, Public Policy), Project(s) individual contributor, and Goose-hat wearer Read more.
Nov 16, 2022 |
In Blog
OpenSSF Expands Supply Chain Integrity Efforts with S2C2F
A robust strategy around securing how developers consume and manage open source software (OSS) dependencies when building software is essential. The Secure Supply Chain Consumption Framework (S2C2F) is a consumption-focused/consumer-focused framework that uses a threat-based, risk-reduction approach to mitigate real world threats in Open Source Software (OSS). Today, we are… Read more.
Nov 15, 2022 |
In Blog
SigstoreCon Highlights
In the motor city, the community hosted the first-ever Sigstore event, SigstoreCon, in co-location with KubeCon + CloudNativeCon North America. Event highlights included the announcement of Sigstore general availability, an awards ceremony, engaging talks, and introduction of a Sigstore Landscape. If you missed out, the session recordings are now available. Read more.
Nov 9, 2022 |
In Blog
Meet a Maintainer: Naveen Srinivasan, Software Engineer, Endor Labs
Meet Naveen Srinivasan, Software Engineer, Endor Labs. Maintainers play a vital role in the OpenSSF. Naveen is a software engineer at Endor Labs. He was awarded the Google Open Source Peer Bonus Award in 2021 and 2022 for his contributions to Open Source Software (OSS). He maintains a few OSS… Read more.
Nov 1, 2022 |
In Blog
Meet a Maintainer: Luke Hinds, Security Engineering Lead, OCTO, Red Hat
Meet Luke Hinds, Security Engineering Lead, OCTO, Red Hat. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of the amazing individuals powering open source software (OSS) security initiatives. Over the next few weeks we'll be… Read more.
Oct 25, 2022 |
Sigstore Announces General Availability at SigstoreCon
Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service giving open source communities access to production-grade stable services for artifact signing and verification. Sigstore provides a set of tools designed to improve supply chain security by making it easy to sign, verify and… Read more.
Oct 24, 2022 |
OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web
Today, we’re excited to share that the Open Source Security Foundation (OpenSSF) Project Alpha-Omega is committing $350,000 to reduce potential security incidents for jQuery by helping modernize its consumers and its code. Read more.
Oct 20, 2022 |
In Blog
Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security
Projects adopting the practices set out by the OpenSSF in its Security Score, including adopting a dependency update tool that ensures rapid updating of vulnerable dependencies, will improve their project's security and the security of the open source projects that depend on them. Dependency management is critical, because Sonatype’s research… Read more.
Oct 19, 2022 |
In Blog
Contributor Q&A with Melba Lopez, STSM – Supply Chain Security, IBM
Meet Melba Lopez, STSM - Supply Chain Security, IBM. Contributors play an important role in the OpenSSF and the Linux Foundation, so we want to give you a chance to meet some of the amazing individuals in the open source software (OSS) security community. Over the next few weeks we’ll… Read more.