Aug 5, 2024 |
New Guide for Package Repositories to Adopt Trusted Publishers
By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named āTrusted Publishersā which utilizes the OpenID Connect standard (OIDC) to authenticate with a… Read more.
Jul 31, 2024 |
Neo Malware: Malicious Open Source Packages
Malware is at the top of the list among things that keep security and development organizations on edge.Ā Read more.
Jul 31, 2024 |
How to Make Programming Language Package Repositories More Secure
Open source package repositories (like npm, PyPI, RubyGems, and others) serve out billions of packages per day. Most of the software we all use includes packages from these repositories, making them a critical part of securing software. Read more.
Jul 30, 2024 |
Datadog Joins Open Source Security Foundation (OpenSSF)
OpenSSF Welcomes Datadog as Premier Member Read more.
Jul 24, 2024 |
In Blog
SOSS Community Day EU Agenda Now Live!
We're thrilled to announce that the agenda for Secure Open Source Software (SOSS) Community Day EU on September 19, 2024, is now live! Join us for a day filled with insightful technical talks, engaging panels, and a hands-on Table Top Exercise (TTX). SOSS Community Day EU will be co-located with… Read more.
Jul 24, 2024 |
In Blog
SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program
As the Call for Proposals (CFP) for the Secure Open Source Software (SOSS) Fusion Conference wrapped up, we wanted to share some insights about the submissions that highlight how Fusion will be a premier event in open source security. SOSS Fusion brings together the brightest minds in software development and… Read more.
Jul 23, 2024 |
In Blog
Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher āCRobā Robinson
As we unveiled the Golden Egg Award winners in April during the SOSS Community Day North America, we recognized those who go above and beyond in enriching our community. Today, we spotlight Christopher āCRobā Robinson, the winner of the Golden Egg Award for OpenSSF Community Engagement. CRob has made continuous… Read more.
Jul 19, 2024 |
In Blog
Recognizing Excellence in OSS Community: Golden Egg Award Nominations Are Now Open!
Submitting a nomination is easy! Fill out the nomination form, providing details about the nomineeās contributions and why you believe they deserve the Golden Egg Award. Read more.
Jul 17, 2024 |
In Blog
AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2
In part 1 we discussed the Artificial Intelligence Cyber Challenge (AIxCC), a two-year competition to create AI systems that find software vulnerabilities and develop fixes to them. We also discussed a specific vulnerability in the Linux kernel, called needle, as an example of the kind of vulnerability weād like such… Read more.
Jul 17, 2024 |
The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development
Findings show nearly one-third of industry professionals are not familiar with secure software development practices Read more.