Sep 13, 2022 |
In Blog
Introducing New Concise Guides for Developing More Secure Software and Evaluating Open Source Software
In response to the growing concern around open source software development, OpenSSF’s Best Practices for Open Source Developers Working Group (WG) has been diligently working with concerned members and community groups on a couple of new guides for developers and consumers of open source. Read more.
Sep 13, 2022 |
Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain
As part of the OpenSSF’s continued investment in critical open-source projects, we are happy to announce new partnerships and tooling from the Alpha-Omega Project. Alpha-Omega will sponsor critical security work with a $460K grant to the Rust Foundation. This work expands on funding previously announced earlier this year, bringing our… Read more.
Sep 13, 2022 |
In Blog
Introducing the New OpenSSF End Users Working Group
OpenSSF is excited to announce its newest WG (Working Group), the End Users WG. This WG will focus on representing and addressing the challenges enterprises face when adopting (and using) different open-source technologies and products. Read more.
Sep 8, 2022 |
In Blog
Show Off Your Security Score: Announcing Scorecards Badges
We are excited to release new features from the Scorecards project, the OpenSSF tool that helps maintainers follow best security practices. The Scorecards GitHub Action now supports a REST API for quickly viewing project scores, and we’ve added one of our favorite new features: badges! We hope these additions will… Read more.
Sep 1, 2022 |
In Blog
npm Best Practices for the Supply-Chain
We are excited to announce the v1 release of the “npm Best Practices,” a new guide focused on dependency management and supply chain security for npm. This release is the result of the OpenSSF Best Practice Working Group. It is a critical step to help JavaScript and TypeScript developers reduce… Read more.
Aug 24, 2022 |
In Blog
Outcomes from Open Source Software Security Summit in Japan
On August 23rd, we at the OpenSSF and Linux Foundation Japan hosted the Open Source Security Summit Japan. We were joined by senior cybersecurity representatives from more than 20 leading Japanese firms. We convened to discuss open source software (OSS) security challenges, modern challenges to the global software supply chain,… Read more.
Aug 24, 2022 |
Capital One Joins Open Source Security Foundation
Capital One joins the Open Source Security Foundation (OpenSSF) as a premier member affirming its commitment to strengthening the open source software supply chain. OpenSSF is a cross-industry organization hosted at the Linux Foundation, designed to inspire and enable the community to secure the open source software we all depend… Read more.
Aug 22, 2022 |
In Blog
Upleveling Everybody to Secure the OSS Supply Chain – OpenSSF August Town Hall Highlights
The August OpenSSF Town Hall brought together the open source community to hear the latest and greatest about the work going on to secure the open source software supply chain. Both the Town Hall slide deck and event recording are available for you to view. Read more.
Aug 15, 2022 |
In Blog
Announcing OpenSSF Day at Open Source Summit Europe
We’re pleased to announce we will be hosting the second ever OpenSSF Day at Open Source Summit Europe on Tuesday, September 13th. This is your chance to find out what the OpenSSF community is doing to secure the open source ecosystem and how you can get involved. Read more.
Aug 11, 2022 |
In Blog
Secure Coding Practice – A Developer’s Learning Experience of Developing Secure Software Course
My learning experience taking the “DEVELOPING SECURE SOFTWARE (LFD121)” course was positive, and I immediately started applying these learnings in my work as a software architect and developer. Read more.