Skip to main content
OpenSSF Day NA Agenda Live

Mar 29, 2023 | Jennifer Bly

In Blog

OpenSSF Day North America Agenda Now Live

The OpenSSF Day North America agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on May 10th during Open Source Summit North America in Vancouver, Canada. Plan to join us to discuss the latest and greatest in ongoing efforts to… Read more.
Role of Foundations in Securing OSS

Mar 28, 2023 | OpenSSF

In Blog

The Role of Foundations in Securing OSS

Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two years. Now, the world has finally realised that security needs to be ‘baked-in’, not ‘bolted-on’. Meaningful and impactful improvements can be… Read more.
OpenSSF SBOM Everywhere Python SPDX-Tools

Mar 27, 2023 | OpenSSF

In Blog

SBOM Everywhere Update and Python SPDX-Tools

SBOM Everywhere is a Special Interest Group (SIG) within the Security Tooling Working Group of the OpenSSF. In September we funded work on the SPDX Python library and are now happy to report the recent 0.7.0 release of the Python SPDX-Tools package, which is available to download on GitHub and… Read more.
OpenSSF Town Hall March 2023

Mar 22, 2023 | Jennifer Bly

In Blog

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF, and participants had an opportunity to ask questions to panelists. If you were unable to attend, here are a few… Read more.
OpenSSF Scorecard Case Study IBM

Mar 20, 2023 | OpenSSF

In Blog

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

Scorecard is becoming a key part of IBM’s review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues in modern SW supply chains and believes an important part of this effort is to help the open-source ecosystem improve… Read more.
SLSA Survey

Mar 15, 2023 | OpenSSF

In Blog

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the… Read more.
OpenSSF SLSA 1.0 Release Candidate

Mar 9, 2023 | OpenSSF

In Blog

Draft Version 1.0 of SLSA Open for Comments

Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is an OpenSSF project that provides specifications for software supply chain security, established by industry consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor. Version 0.1 of the SLSA specification has been out for some time.… Read more.
Open Source Policy Network

Mar 8, 2023 | OpenSSF

In Blog

Why Open Source is Infrastructure, and Why it Matters

A new report by the Atlantic Council’s Cyber Statecraft Initiative helps draw light on the question on what "open source as infrastructure" really means, and why it matters: Avoiding the success trap: Toward policy for open-source software as infrastructure. Read more.
OpenSSF Welcomes New Members March 2023

Mar 7, 2023 | OpenSSF

OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security

The Open Source Security Foundation (OpenSSF) welcomes eight new members from leading technology firms. The total number of OpenSSF members is currently over 100 and organization membership saw an 88% growth in 2022 from a variety of different sectors. New OpenSSF general member commitments include those from Amesto Fortytwo, Code… Read more.

Mar 2, 2023 | John Speed Meyers

In Blog

How to Make High-Quality SBOMs

The widespread use of software bill of materials (SBOMs) arguably depends on SBOM quality—that SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until recently, it has been difficult to measure SBOM quality. New SBOM quality tools, a new SBOM dataset, and new SBOM… Read more.