Dec 3, 2023 |
In Blog
OpenSSF Releases Top 10 Secure Software Development Guiding Principles
Today, we are excited to announce version 1.0 of the Secure Software Development Guiding Principles. These 10 principles describe a series of foundational practices that, if followed, can help provide better assurance and security for organizations leveraging them. Though aspirational, they provide a set of core practices that producers and… Read more.
Nov 29, 2023 |
In Blog
Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++
In the fast-changing landscape of cybersecurity, OpenSSF has taken a significant step towards enhancing the security of C and C++ software. This effort addresses a persistent class of software defects that have affected software, including open source software (OSS), since the dawn of the Internet. By releasing a comprehensive "Compiler… Read more.
Nov 28, 2023 |
In Blog
Cybersecurity in Energy Infrastructure: The Value of Open Source Software
LF Energy and OpenSSF released a new whitepaper on how open source software is critical to the innovation and transformation of our energy infrastructure. Contrary to common misconceptions, OSS offers not just affordability and adaptability but also a robust shield against cyber threats. Read more.
Nov 27, 2023 |
In Blog
OpenSSF introduces guide to becoming a CVE Numbering Authority as an Open Source project
The Open Source Security Foundation (OpenSSF) is excited to announce a new guide for Open Source projects that are interested in issuing and managing their own CVE IDs through the CVE Numbering Authority (CNA) program. The guide is available on GitHub and will be kept up-to-date with changes to CNA… Read more.
Nov 21, 2023 |
Sigstore: Simplifying Code Signing for Open Source Ecosystems
This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts as they are distributed between consumers and producers. By ensuring that the origin of the software can be reliably traced… Read more.
Nov 20, 2023 |
In Blog
OpenSSF publishes Mission, Vision, Values, and Strategy
The open source software (OSS) community is ever-changing, and the security of OSS rapidly evolves in parallel. This requires OpenSSF to regularly re-evaluate our focus and approach to intentionally improve OSS security. Today the Open Source Security Foundation (OpenSSF) releases an updated Mission, Vision, Values and Strategy (MVS) for the… Read more.
Nov 17, 2023 |
In Blog
Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers
In an era where cyber threats continue to evolve, securing the software supply chain has become paramount for organizations globally. Recognizing the critical need for a robust framework, the US National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and… Read more.
Nov 16, 2023 |
In Blog
OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community
Open source software (OSS) has grown exponentially in its adoption and usage in recent years, making its security a top priority. The Open Source Security Foundation (OpenSSF) recognizes the need to foster a community that shares knowledge, insights, and best practices to fortify OSS. With this in mind, we're pleased… Read more.
Nov 15, 2023 |
Alpha-Omega to Continue Support of Rust Foundation Security Initiative in 2024
Today, Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative. We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path… Read more.
Nov 14, 2023 |
In Blog
OpenSSF Supports oss-security and (linux-)distros Mailing Lists
As a part of the OpenSSF's mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community's infrastructure for communication. The oss-security and (linux)-distros mailing lists, which are operated by Openwall,… Read more.