Oct 24, 2022 |
OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web
Today, we’re excited to share that the Open Source Security Foundation (OpenSSF) Project Alpha-Omega is committing $350,000 to reduce potential security incidents for jQuery by helping modernize its consumers and its code. Read more.
Oct 20, 2022 |
In Blog
Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security
Projects adopting the practices set out by the OpenSSF in its Security Score, including adopting a dependency update tool that ensures rapid updating of vulnerable dependencies, will improve their project's security and the security of the open source projects that depend on them. Dependency management is critical, because Sonatype’s research… Read more.
Oct 19, 2022 |
In Blog
Contributor Q&A with Melba Lopez, STSM – Supply Chain Security, IBM
Meet Melba Lopez, STSM - Supply Chain Security, IBM. Contributors play an important role in the OpenSSF and the Linux Foundation, so we want to give you a chance to meet some of the amazing individuals in the open source software (OSS) security community. Over the next few weeks we’ll… Read more.
Oct 12, 2022 |
In Blog
Meet a Maintainer: Q&A with Priya Wadhwa, Software Engineer, Chainguard
Meet Priya Wadhwa, Software Engineer, Chainguard. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of the amazing individuals powering open source software (OSS) security initiatives. Over the next few weeks we'll be featuring maintainers and… Read more.
Oct 11, 2022 |
In Blog
Securing Open Source Software is Securing Critical Infrastructure
Securing critical OSS components and infrastructure is an important part of securing critical infrastructure. When we consider open source critical infrastructure we must keep in mind that not all OSS is equally important, but some OSS (& its supporting infrastructure) are very critical. Several initiatives are underway at the OpenSSF… Read more.
Oct 10, 2022 |
OpenUK and OpenSSF Announce Open Source Security and Community Curation Event Schedule
Thought Leadership Day on open source, infrastructure, security and community curation on the 17th of October will bring together leading figures from international Open Source communities around security, and provide opportunities to discuss the challenges that exist around security and open source over time. Read more.
Oct 5, 2022 |
In Blog
New Meet a Maintainer Series: Q&A with Azeem Shaikh, Senior Software Engineer, Google
Meet Azeem Shaikh, Senior Software Engineer, Google. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of the amazing individuals powering open source software (OSS) security initiatives. Over the next few weeks we’ll be featuring maintainers… Read more.
Sep 29, 2022 |
In Blog
How OSPOs Can Be a Key Lever for Open Source Sustainability and Security
A well-designed Open Source Program Office (OSPO), when present, is the center of competency for an organization’s open source operations and structure. Here are a dozen ways OSPOs can be a key lever for open source sustainability & security in your organizations. Read more.
Sep 28, 2022 |
In Blog
OpenSSF Day at Open Source Summit Europe Highlights
Along the River Liffey in Dublin, Ireland we hosted OpenSSF Day EU at the Open Source Summit Europe earlier this month where community members gathered together to discuss the challenges, big-picture solutions, ongoing work and successes in securing the open source software (OSS) supply chain. Read more.
Sep 27, 2022 |
In Blog
The United States Securing Open Source Software Act: What You Need to Know
The Securing Open Source Software Act is in response to the Log4Shell vulnerability discovered in late November 2021. What is the Securing Open Source Software Act about? On 21st September 2022, U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Senate Homeland Security and… Read more.