Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Aug 12, 2024 |
In Blog
Mitigating Attack Vectors in GitHub Workflows
GitHub Actions are commonly used to automate processes in repositories, by running CI (continuous integration) tests on pull requests for example. It can also be used to make a package release process more secure just by making it automated. But, it is important to be careful to ensure that they… Read more.
Aug 8, 2024 |
In Blog
Call for Proposals: SOSS Community Day Japan 2024
We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open. Read more.
Aug 8, 2024 |
In Blog
What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability
In July, a historic moment took place for open source, where it took center stage at the two-day "OSPOs for Good"Â symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is… Read more.
Aug 6, 2024 |
In Blog
OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF
In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the Whatâs Next for Open Source? Workshops both in New York City, as well… Read more.
Aug 5, 2024 |
New Guide for Package Repositories to Adopt Trusted Publishers
By Seth Michael Larson The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named âTrusted Publishersâ which utilizes the OpenID Connect standard (OIDC) to authenticate with a… Read more.
Jul 31, 2024 |
Neo Malware: Malicious Open Source Packages
Malware is at the top of the list among things that keep security and development organizations on edge. Read more.
Jul 31, 2024 |
How to Make Programming Language Package Repositories More Secure
Open source package repositories (like npm, PyPI, RubyGems, and others) serve out billions of packages per day. Most of the software we all use includes packages from these repositories, making them a critical part of securing software. Read more.
Jul 30, 2024 |
Datadog Joins Open Source Security Foundation (OpenSSF)
OpenSSF Welcomes Datadog as Premier Member Read more.
Jul 24, 2024 |
In Blog
SOSS Community Day EU Agenda Now Live!
We're thrilled to announce that the agenda for Secure Open Source Software (SOSS) Community Day EU on September 19, 2024, is now live! Join us for a day filled with insightful technical talks, engaging panels, and a hands-on Table Top Exercise (TTX). SOSS Community Day EU will be co-located with… Read more.
Jul 24, 2024 |
In Blog
SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program
As the Call for Proposals (CFP) for the Secure Open Source Software (SOSS) Fusion Conference wrapped up, we wanted to share some insights about the submissions that highlight how Fusion will be a premier event in open source security. SOSS Fusion brings together the brightest minds in software development and… Read more.