Jan 13, 2022 |
In Blog
The OpenSSF and the Linux Foundation Address Software Supply Chain Security Challenges at White House Summit
Today marks an important moment in the Linux Foundation's history of engagement with public sector organizations. The White House convened an important cross-section of the Open Source developer and commercial ecosystem along with leaders and experts of many U.S. federal agencies to identify the challenges present in the open source…
Dec 16, 2021 |
In Blog
Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble
As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is a humbling reminder of just how far we still have to go. OSS is now central to the functioning of…
Dec 10, 2021 |
In Blog
Securing Critical Open Source Projects with Multifactor Authentication
The Open Source Security Foundation (OpenSSF) Developer Best Practices Working Group has undertaken a project to improve the overall security and integrity of critical open source software projects and their supply chains. Dubbed "The Great MFA Distribution Project", the group is putting hardware multi-factor authentication (MFA) tokens into the hands…
Nov 15, 2021 |
In Blog
November Town Hall Recording
On behalf of the OpenSSF community and staff, thank you to everyone who joined our quarterly town hall meeting today. If you weren't able to attend the live presentation, check out the recording below and let us know if you have any questions or want to get more involved with…
Oct 25, 2021 |
In Blog
OpenSSF Quarterly Town Hall Announcement – UPDATED
The OpenSSF community is excited to chat more in-depth about several exciting project updates and recent announcements! We hope you'll join us for our next community Town Hall, to be held Monday, November 15 at 10 a.m. PT (click here to see it in your local time). This event is…
Oct 13, 2021 |
In Blog
The World's Major Technology Providers Converge to Improve the Security of Software Supply Chains
Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide rely on the lines of code that you wrote. You have become an accidental hero of that community – people love your code, contribute to improving it, requesting new features,…
Sep 27, 2021 |
In Blog
Announcing the OpenSSF Vulnerability Disclosure WG guide to disclosure for OSS projects
Authors: Anne Bertucio, Christopher Robinson, David Wheeler, OpenSSF Vulnerability Disclosure WG members. https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md Vulnerability disclosure is the process of reporting, remediating, and communicating the details of a discovered vulnerability. This is a critical component of software security both for the software communities that create the code as well as the…
Aug 11, 2021 |
In Blog
Introducing the Allstar GitHub App
Authors: Mike Maraya, Jeff Mendoza. We're excited to announce Allstar, a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. With Allstar, owners can check for security policy adherence, set desired enforcement actions, and continuously enact those enforcements when triggered by a setting or file…
Jul 28, 2021 |
In Blog
July 2021 Update – New members and new resources for Best Practices and Vulnerability Disclosures underway
The Open Source Security Foundation (OpenSSF) community is working diligently to improve the security of the open source ecosystem. This is no small mission, so we are excited to share all of the work that is happening. In case you missed our recent Town Hall meeting, the resources can be…
May 14, 2021 |
In Blog
How LF communities enable security measures required by the US Executive Order on Cybersecurity
Our communities take security seriously and have been instrumental in creating the tools and standards that every organization needs to comply with the recent US Executive Order. Overview: The US White House recently released its Executive Order (EO) on Improving the Nation's Cybersecurity (along with a press call) to counter "persistent and increasingly…