Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Jul 23, 2024 |
In Blog
Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher āCRobā Robinson
As we unveiled the Golden Egg Award winners in April during the SOSS Community Day North America, we recognized those who go above and beyond in enriching our community. Today, we spotlight Christopher āCRobā Robinson, the winner of the Golden Egg Award for OpenSSF Community Engagement. CRob has made continuous… Read more.
Jul 19, 2024 |
In Blog
Recognizing Excellence in OSS Community: Golden Egg Award Nominations Are Now Open!
Submitting a nomination is easy! Fill out the nomination form, providing details about the nomineeās contributions and why you believe they deserve the Golden Egg Award. Read more.
Jul 17, 2024 |
In Blog
AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2
In part 1 we discussed the Artificial Intelligence Cyber Challenge (AIxCC), a two-year competition to create AI systems that find software vulnerabilities and develop fixes to them. We also discussed a specific vulnerability in the Linux kernel, called needle, as an example of the kind of vulnerability weād like such… Read more.
Jul 17, 2024 |
The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development
Findings show nearly one-third of industry professionals are not familiar with secure software development practices Read more.
Jul 10, 2024 |
In Blog
AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1
Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We donāt know for certain, but thereās hope that it could. In this article, weāll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. By itself, this… Read more.
Jul 8, 2024 |
In Blog
Learn How To Develop Secure Software!
The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years. Read more.
Jul 5, 2024 |
In Blog
Why are Organizations Struggling to Implement Secure Software Development?
TheĀ Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and Linux Foundation (LF) Research, examines the secure software development education needs of professionals in this field. Our results indicate that the need for security awareness and training is one of the top… Read more.
Jul 3, 2024 |
Chainguard Enhances Security With OSV Advisory Feed
In today's rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. To address this,Chainguard is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. This integration aims to simplify vulnerability management and enhance security for users of open source software. Read more.
Jun 28, 2024 |
Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks
Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project,… Read more.
Jun 26, 2024 |
In Blog
A Deep Dive into SBOMit and Attestations
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF… Read more.