Skip to main content

📣 Submit your proposal: OpenSSF Community Day Korea | Open Source SecurityCon

OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

OpenSSF Board Member Spotlight - Brian Fox, Sonatype

Apr 12, 2023 | jbly

In Blog

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

Join us for a conversation with OpenSSF Board Member, Brian Fox. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.
SBOMs So Far So Good So What

Apr 6, 2023 | OpenSSF

SBOMs, So Far, So Good, So What?

We’ve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data, but we are simply not using the data to drive our supply chain decisions. Requiring SBOM generation alone is not… Read more.
OpenSSF Best Practices Working Group

Apr 5, 2023 | OpenSSF

In Blog

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

The goal of the Best Practices Working Group is to provide open source developers with recommendations on best practices around development and security. This working group focuses on providing developers with guidance and tools in order with an easy way to learn and apply them and has been part of… Read more.
Taking the pulse of leading software repositories’ security

Apr 4, 2023 | OpenSSF

In Blog

Taking the Pulse of Leading Software Repositories’ Security

Each software repository faces a challenging task to protect producers and consumers of open-source software. They must defend against a variety of threats, juggling a complex menu of options to harden their systems and procedures against attackers. The OpenSSF Securing Software Repository Working Group (SSR WG) last year surveyed the… Read more.
Clarifying Sigstore Terms of Use

Mar 30, 2023 | OpenSSF

Clarifying Sigstore Terms of Use

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always taken is on open source code as a starting point for truly great outcomes that improve the technologies we -… Read more.
OpenSSF Day NA Agenda Live

Mar 29, 2023 | jbly

In Blog

OpenSSF Day North America Agenda Now Live

The OpenSSF Day North America agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on May 10th during Open Source Summit North America in Vancouver, Canada. Plan to join us to discuss the latest and greatest in ongoing efforts to… Read more.
Role of Foundations in Securing OSS

Mar 28, 2023 | OpenSSF

The Role of Foundations in Securing OSS

Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two years. Now, the world has finally realised that security needs to be ‘baked-in’, not ‘bolted-on’. Meaningful and impactful improvements can be… Read more.
OpenSSF SBOM Everywhere Python SPDX-Tools

Mar 27, 2023 | OpenSSF

In Blog

SBOM Everywhere Update and Python SPDX-Tools

SBOM Everywhere is a Special Interest Group (SIG) within the Security Tooling Working Group of the OpenSSF. In September we funded work on the SPDX Python library and are now happy to report the recent 0.7.0 release of the Python SPDX-Tools package, which is available to download on GitHub and… Read more.
OpenSSF Town Hall March 2023

Mar 22, 2023 | jbly

In Blog

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF, and participants had an opportunity to ask questions to panelists. If you were unable to attend, here are a few… Read more.
OpenSSF Scorecard Case Study IBM

Mar 20, 2023 | OpenSSF

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

Scorecard is becoming a key part of IBM’s review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues in modern SW supply chains and believes an important part of this effort is to help the open-source ecosystem improve… Read more.