Skip to main content

Dec 19, 2023 | OpenSSF

In Blog

What’s Next in Open Source Security? 

As we step into the year 2024, the OpenSSF envisions a year marked by transformative growth, heightened resilience, and new opportunities for individuals and organizations contributing to the flourishing ecosystem of open source software. While our recently released 2023 Annual Report highlighted some accomplishments of the OpenSSF, for a touch… Read more.
2023year in review

Dec 18, 2023 | OpenSSF

In Blog

2023 Year in Review: OpenSSF Publishes Annual Report

We are a thriving, diverse, nonstop community. We’re pleased to share with you our annual report for this year, which highlights our many accomplishments throughout 2023 and our plans for the future. Read more.

Dec 16, 2023 | OpenSSF

In AI, Blog

OpenSSF Expands Support for AI Cyber Challenge (AIxCC)

In August 2023, OpenSSF announced our partnership with DARPA, to support the AI Cyber Challenge (AIxCC). We set up a generative AI and autonomy for cybersecurity (GaiaCS) project to support our partnership activities and today, we are excited to announce that OpenSSF has brought on board Will Pearce and Nick… Read more.
Strengthening Cybersecurity

Dec 15, 2023 | OpenSSF

In Blog

Strengthening Cybersecurity: NSA and ESF Partners Advocate Open Source Software Security with SBOM Emphasis

In a collective effort to fortify cybersecurity practices and safeguard the software supply chain, the US National Security Agency (NSA), in collaboration with the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners, has released a comprehensive cybersecurity technical report (CTR).… Read more.

Dec 13, 2023 | OpenSSF

In Blog

Introducing SBOMit: Adding Verification to SBOMs

We’re happy to announce the launch of SBOMit – a tool to add in-toto attestations to SBOMs (Software Bills of Material). The SBOMit specification is a SBOM-format independent method for attesting components with additional verification information. Read more.
end users working group

Dec 12, 2023 | OpenSSF

In Blog

OpenSSF End Users Working Group: Representing the Interests of Open Source Software Consumers

This month’s spotlight focuses on the OpenSSF End Users Working Group, which aims to ensure that the distinct and impactful voice of end users is heard in the development and delivery of the technical vision of The Open Source Security Foundation (OpenSSF). It represents the interests of public and private… Read more.
Responds to the CISA RFC on Software Identification Ecosystem Analysis

Dec 11, 2023 | OpenSSF

In Blog

OpenSSF Responds to the CISA RFC on Software Identification Ecosystem Analysis

The OpenSSF has submitted a response to the Software Identification Ecosystem Option Analysis by the US Cybersecurity and Infrastructure Security Agency (CISA). This comes in light of CISA's announcement regarding the publication of the "Software Identification Ecosystem Option Analysis," a white paper delving into options for software identification. Read more.

Dec 5, 2023 | OpenSSF

Finding And Fixing Bugs in Open Source Software at Scale with a Grant from Alpha-Omega

OpenRefactory is working alongside Alpha-Omega's principals to report security vulnerabilities at scale in open source projects. It works with the maintainers to get the vulnerabilities fixed. Read more.

Dec 3, 2023 | OpenSSF

OpenSSF Announces New Members, Guiding Software Security Principles at OpenSSF Day Japan

The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), announced new members from leading technology firms and a new set of Secure Software Development Guiding Principles at OpenSSF Day Japan. Read more.
OpenSSF Releases Top 10 Secure Software Development Guiding Principles

Dec 3, 2023 | OpenSSF

In Blog

OpenSSF Releases Top 10 Secure Software Development Guiding Principles

Today, we are excited to announce version 1.0 of the Secure Software Development Guiding Principles. These 10 principles describe a series of foundational practices that, if followed, can help provide better assurance and security for organizations leveraging them. Though aspirational, they provide a set of core practices that producers and… Read more.