OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.


Jul 23, 2024 | OpenSSF

In Blog

Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher “CRob” Robinson

As we unveiled the Golden Egg Award winners in April during the SOSS Community Day North America, we recognized those who go above and beyond in enriching our community. Today, we spotlight Christopher “CRob” Robinson, the winner of the Golden Egg Award for OpenSSF Community Engagement. CRob has made continuous… Read more.

Jul 19, 2024 | OpenSSF

In Blog

Recognizing Excellence in OSS Community: Golden Egg Award Nominations Are Now Open!

Submitting a nomination is easy! Fill out the nomination form, providing details about the nominee’s contributions and why you believe they deserve the Golden Egg Award. Read more.

Jul 17, 2024 | OpenSSF

In Blog

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2

In part 1 we discussed the Artificial Intelligence Cyber Challenge (AIxCC), a two-year competition to create AI systems that find software vulnerabilities and develop fixes to them. We also discussed a specific vulnerability in the Linux kernel, called needle, as an example of the kind of vulnerability we’d like such… Read more.

Jul 17, 2024 | OpenSSF

The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development

Findings show nearly one-third of industry professionals are not familiar with secure software development practices. Read more.

Jul 10, 2024 | OpenSSF

In Blog

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1

Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We don’t know for certain, but there’s hope that it could. In this article, we’ll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. By itself, this… Read more.

Jul 8, 2024 | OpenSSF

In Blog

Learn How To Develop Secure Software!

The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years. Read more.

Jul 5, 2024 | OpenSSF

In Blog

Why are Organizations Struggling to Implement Secure Software Development?

The Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and Linux Foundation (LF) Research, examines the secure software development education needs of professionals in this field. Our results indicate that the need for security awareness and training is one of the top… Read more.

Jul 3, 2024 | OpenSSF

Chainguard Enhances Security With OSV Advisory Feed

In today's rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. To address this, Chainguard is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. This integration aims to simplify vulnerability management and enhance security for users of open source software. Read more.

Jun 28, 2024 | OpenSSF

Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks

Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project,… Read more.

Jun 26, 2024 | OpenSSF

In Blog

A Deep Dive into SBOMit and Attestations

December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF… Read more.