Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Sep 16, 2024 |
In Blog
Join Us at the OSS Security Meetup in Tokyo, Japan
We are excited to announce that the Open Source Security Foundation (OpenSSF), a cross-industry initiative uniting the most important open source security efforts and their supporters, will host a meetup on Thursday, October 3rd, at Renesas Electronics. Read more.
Sep 13, 2024 |
In Blog
Must-Attend Sessions at SOSS Community Day EU and Open Source Summit Europe 2024
Secure Open Source Software (SOSS) Community Day EU and Open Source Summit Europe 2024 are just around the corner in Vienna, Austria! Join fellow open source enthusiasts from September 16 - 19, 2024, as they come together to connect, share knowledge, and push the boundaries of innovation in the open… Read more.
Sep 5, 2024 |
Simplify SBOM Management for Developers: Introducing Bomctl
Software security is a top priority, and understanding the components that make up your software is crucial. Software Bill of Materials (SBOMs) play a vital role in achieving this by providing a detailed list of these components and their relationships. Read more.
Sep 4, 2024 |
In Blog
Prioritizing Security: Key Findings from the OpenSSF Survey for Financial Institutions
The Linux Foundation's Open Source Security Foundation (OpenSSF) Secure Software Development Education 2024 Survey offers crucial insights that are particularly relevant to the financial services industry, including FINOS members such as sell-side banks, buy-side firms, and wealth managers. As these organizations increasingly rely on software to drive operations, the emphasis on secure… Read more.
Aug 28, 2024 |
In Blog
AIxCC Semifinals at DEF CON Showcase AI’s Potential in Securing Critical OSS Projects
Competitors’ Cyber Reasoning Systems proved up to the AIxCC Challenge at DEF CON 32 this month, with seven teams advancing to the finals of the two-year competition aimed at finding and fixing vulnerabilities in critical software projects. Read more.
Aug 27, 2024 |
Innovative Supply Chain Security for Enterprise Cloud Platform Service
This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC. Read more.
Aug 19, 2024 |
In Blog
A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It
Software security has continued to grow in importance. The Linux Foundation has undertaken various initiatives around open source software security, such as the Open Source Security Foundation (OpenSSF)—–a full list of initiatives is available on LF Security. Read more.
Aug 15, 2024 |
In Blog
GUAC v0.8.0 Released
GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements. Read more.
Aug 14, 2024 |
In Blog
Announcing SigstoreCon: Supply Chain Day!
Join us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13. Read more.
Aug 12, 2024 |
In Blog
Mitigating Attack Vectors in GitHub Workflows
GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they… Read more.