Skip to main content

📣 Submit your proposal: OpenSSF Community Day Korea | Open Source SecurityCon

OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Mitigating attack vectors in GitHub Workflows

Aug 12, 2024 | OpenSSF

In Blog

Mitigating Attack Vectors in GitHub Workflows

GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they… Read more.
CFP_SOSSJP

Aug 8, 2024 | OpenSSF

In Blog

Call for Proposals: SOSS Community Day Japan 2024

We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open. Read more.
What's Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

Aug 8, 2024 | OpenSSF

In Blog

What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

In July, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good" symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is… Read more.
RecentSecurityEvents

Aug 6, 2024 | OpenSSF

In Blog

OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF

In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well… Read more.
New Guide for Package Repositories to Adopt Trusted Publishers

Aug 5, 2024 | OpenSSF

New Guide for Package Repositories to Adopt Trusted Publishers

By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named “Trusted Publishers” which utilizes the OpenID Connect standard (OIDC) to authenticate with a… Read more.

Jul 31, 2024 | OpenSSF

Neo Malware: Malicious Open Source Packages

Malware is at the top of the list among things that keep security and development organizations on edge.  Read more.
How to Make Programming Language Package Repositories More Secure

Jul 31, 2024 | OpenSSF

How to Make Programming Language Package Repositories More Secure

Open source package repositories (like npm, PyPI, RubyGems, and others) serve out billions of packages per day. Most of the software we all use includes packages from these repositories, making them a critical part of securing software. Read more.
DatadogJoinsOpenSSF

Jul 30, 2024 | OpenSSF

Datadog Joins Open Source Security Foundation (OpenSSF)

OpenSSF Welcomes Datadog as Premier Member Read more.
SOSSCDEU_Agenda

Jul 24, 2024 | OpenSSF

In Blog

SOSS Community Day EU Agenda Now Live!

We're thrilled to announce that the agenda for Secure Open Source Software (SOSS) Community Day EU on September 19, 2024, is now live! Join us for a day filled with insightful technical talks, engaging panels, and a hands-on Table Top Exercise (TTX). SOSS Community Day EU will be co-located with… Read more.
SOSS Fusion 24 CFP Results

Jul 24, 2024 | OpenSSF

In Blog

SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program

As the Call for Proposals (CFP) for the Secure Open Source Software (SOSS) Fusion Conference wrapped up, we wanted to share some insights about the submissions that highlight how Fusion will be a premier event in open source security. SOSS Fusion brings together the brightest minds in software development and… Read more.