Are you an OpenSSF contributor with insights on open source security? Write a guest post for our blog and share your expertise with the community!
OpenSSF Blog
Jul 18, 2022 |
Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed
Weāre excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a projectās implementation and processes to counter… Read more.
Jun 22, 2022 |
Free Training Course Teaches How to Secure a Software Supply Chain with Sigstoreļæ¼
To make it easier to use Sigstoreās toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain with Sigstore (LFS182x), designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers,… Read more.
Jun 21, 2022 |
In Blog
State of Open Source Security 2022 from Snyk & the Linux Foundation
Snyk has teamed up with the Linux Foundation to research and report on security concerns in the open source ecosystem. The 2022 State of Open Source Security report shows that many organizations still donāt have good policies and governance around open source security in spite of the popularity of open… Read more.
Jun 20, 2022 |
In Blog
New Untold Stories of Open Source Podcast Features OpenSSF’s Brian Behlendorf on his Journey to Securing the FOSS Software Supply Chain
The Linux Foundation released a new podcast series, āThe Untold Stories of Open Source.ā Join us each week as we meet the people behind the code, discover their often unconventional journey to the world of open source, and learn the challenges they faced along the way. Read more.
Jun 20, 2022 |
In Blog
OpenSSF Makes Secure Software Development Training Available on Organizationsā Learning Management Systems
The free "Developing Secure Software" (LFD121) online training course is now available through SCORM Connect, so that organizations with their own SCORM-compliant Learning Management Systems (LMSs) can integrate the course into their own LMSs. Making this training that is available for free through Linux Foundation Training & Certification also accessible… Read more.
Jun 20, 2022 |
OpenSSF Funds Python and Eclipse Foundations and Acquires SOS.dev through Alpha-Omega Project
As part of the OpenSSFās continued investment in critical open-source projects, we are pleased to announce that the OpenSSFās Alpha-Omega Project has committed to $800,000 in funding split equally among the Python Software Foundation (PSF) and the Eclipse Foundation to fund critical security roles. We are also happy to announce… Read more.
Jun 9, 2022 |
In Blog
Introducing Fuzz Introspector, an OpenSSF Tool to Improve Fuzzing Coverage
We are excited to announce an initial release of Fuzz Introspector, a collaborative effort from OpenSSF members, that provides actionable insights for developers to identify fuzzing coverage blockers by analyzing functions, static call graphs, and runtime coverage information. Resolving these blockers will help unlock improved fuzzing coverage, resulting in more… Read more.
May 11, 2022 |
In Blog
Testimony to the US House Committee on Science and Technology
Weāre pleased to share that Brian Behlendorf, OpenSSF General Manager, testified to the United States House of Representatives Committee on Science, Space, and Technology today. Brian's testimony shares the work being done within the Open Source Security Foundation and broader open source software community to improve security and trustworthiness of… Read more.
Apr 28, 2022 |
In Blog
Introducing Package Analysis: Scanning open source packages for malicious behavior
By Caleb Brown and David A. Wheeler, on behalf of Securing Critical Projects Working Group Today we're pleased to announce the initial prototype version of the Package Analysis project, an OpenSSF project addressing the challenge of identifying malicious packages in popular open source repositories. In just one month of analysis,… Read more.
Apr 19, 2022 |
In Blog
Your Favorite Software Repositories, Now Working Together
Authors: Dustin Ingram (Google), Jacques Chester (Shopify) A software repository is a critical component of any open source ecosystem: it provides a trusted central channel to publish, store and distribute open-source third-party software to all consumers. Package indexes and package managers exist for almost every software ecosystem, and share many… Read more.