Jul 10, 2024 |
In Blog
AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1
Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We don't know for certain, but there's hope that it could. In this article, we'll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. By itself, this… Read more.
Jul 8, 2024 |
In Blog
Learn How To Develop Secure Software!
The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years. Read more.
Jul 5, 2024 |
In Blog
Why are Organizations Struggling to Implement Secure Software Development?
The Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and Linux Foundation (LF) Research, examines the secure software development education needs of professionals in this field. Our results indicate that the need for security awareness and training is one of the top… Read more.
Jul 3, 2024 |
Chainguard Enhances Security With OSV Advisory Feed
In today's rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. To address this, Chainguard is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. This integration aims to simplify vulnerability management and enhance security for users of open source software. Read more.
Jun 28, 2024 |
Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks
Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project,… Read more.
Jun 26, 2024 |
In Blog
A Deep Dive into SBOMit and Attestations
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF… Read more.
Jun 21, 2024 |
An Open Source Approach to Threat Mitigation in AWS
The security of cloud environments is a top priority for organisations worldwide. According to research by Omdia, supporting cloud and digital transformation projects is one of the top three priorities for cyber security teams, alongside skills development and protecting against ransomware. From a security perspective, getting the right skills around… Read more.
Jun 18, 2024 |
In Blog
Know Your Regular Expressions: Securing Input Validation Across Languages
The Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG) has just released a short guide, Correctly Using Regular Expressions for Secure Input Validation! Here's why it's important. Read more.
Jun 18, 2024 |
Open Source Security Foundation Launches "What's in the SOSS?" Podcast
The Open Source Security Foundation (OpenSSF) has launched a new podcast titled "What's in the SOSS?" With biweekly episodes, the series explores the world of secure open source software, delivering insights from industry leaders and innovators. Read more.
Jun 17, 2024 |
In Blog
July in NYC: Join Us at the United Nations' (UN's) OSPOs for Good 2024 Conference & the "What's Next for Open Source?" Event
OpenSSF is excited to participate in two major events happening in July in New York City (NYC) that are dedicated to promoting open source as a tool for global cooperation and sustainable development. These events will bring together a diverse group of global open source leaders, policymakers, and innovators. Read more.