Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Mar 22, 2023 |
In Blog
Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights
Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF, and participants had an opportunity to ask questions to panelists. If you were unable to attend, here are a few… Read more.
Mar 20, 2023 |
Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard
Scorecard is becoming a key part of IBMâs review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues in modern SW supply chains and believes an important part of this effort is to help the open-source ecosystem improve… Read more.
Mar 15, 2023 |
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security
Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the… Read more.
Mar 9, 2023 |
In Blog
Draft Version 1.0 of SLSA Open for Comments
Supply-chain Levels for Software Artifacts (SLSA, pronounced âsalsaâ) is an OpenSSF project that provides specifications for software supply chain security, established by industry consensus. SLSAâs framework is organized into a series of levels that describe increasing security rigor. Version 0.1 of the SLSA specification has been out for some time.… Read more.
Mar 8, 2023 |
Why Open Source is Infrastructure, and Why it Matters
A new report by the Atlantic Councilâs Cyber Statecraft Initiative helps draw light on the question on what "open source as infrastructure" really means, and why it matters: Avoiding the success trap: Toward policy for open-source software as infrastructure. Read more.
Mar 7, 2023 |
OpenSSF Membership Growth Signals Technical Communitiesâ Continued Commitment to Investing in Security
The Open Source Security Foundation (OpenSSF) welcomes eight new members from leading technology firms. The total number of OpenSSF members is currently over 100 and organization membership saw an 88% growth in 2022 from a variety of different sectors. New OpenSSF general member commitments include those from Amesto Fortytwo, Code… Read more.
Mar 2, 2023 |
How to Make High-Quality SBOMs
The widespread use of software bill of materials (SBOMs) arguably depends on SBOM qualityâthat SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until recently, it has been difficult to measure SBOM quality. New SBOM quality tools, a new SBOM dataset, and new SBOM… Read more.
Feb 22, 2023 |
In Blog
See you at the next OpenSSF Town Hall on March 16th
Are you interested in addressing open source software (OSS) security risk? Software Bill of Materials (SBOMs)? Diversity, Equity, and Inclusion (DEI) in OSS security? If so, plan to join us at our next OpenSSF Town Hall on Thursday, March 16th at 10 AM US/Pacific Time. During this virtual town hall,… Read more.
Feb 21, 2023 |
In Blog
Inaugural OpenSSF Hong Kong Meetup on March 1
Weâre delighted to announce the first-ever Open Source Security Foundation (OpenSSF) Meetup in Hong Kong! Whether youâre a member of technical staff or a business executive, if you want to hear the latest on the pressing challenges and leading initiatives in OSS security â please join us. All are welcome. Read more.
Feb 17, 2023 |
In Blog
Congratulations to Newly Elected OpenSSF Governing Board Members
We are excited to welcome newly elected Governing Board members of the OpenSSF: Tracy Miranda from Chainguard, Duane O'Brien from Indeed, and Stephen Chin from JFrog. The OpenSSF Governing Board is responsible for overall management of the OpenSSF, including approving major decisions, managing the budget, and establishing advisory bodies or… Read more.