
As part of the Open Source Security Foundation (OpenSSF), many companies have adopted our tools and technology to improve their cybersecurity efforts. We invite you to join our community and contribute to the ongoing efforts in strengthening open source software security.

Aug 27, 2024

Innovative Supply Chain Security for Enterprise Cloud Platform Service

This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC. Read more.

Jun 4, 2024

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open source software more safely. Read more.

May 24, 2024

Introducing Artifact Attestations—Now in Public Beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100 million developers building on GitHub, we want to ensure that developers have the tools needed to help… Read more.

Mar 25, 2024

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your… Read more.

Feb 16, 2024

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify container images. Read more.

Mar 20, 2023

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

Scorecard is becoming a key part of IBM’s review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues in modern SW supply chains and believes an important part of this effort is to help the open-source ecosystem improve… Read more.

Microsoft worked with partners to establish the OpenSSF to ensure the open source communities we collectively build, support, and depend upon have the best tools, infrastructure, and experience to be as secure as possible. We are proud to continue investing in that mission’s success.

Mark Russinovich, Azure CTO and Technical Fellow at Microsoft

As a longstanding member of the open source community, Intel strongly supports organizations like OpenSSF that inspire and enable the creation of more innovative solutions that secure the open source software we all depend on. Our contributions, along with other members of the open source ecosystem, help OpenSSF continue to break down barriers of security for all.

Arun Gupta, Vice President and General Manager for Open Ecosystem at Intel Corporation and OpenSSF Governing Board Chair

NYU Tandon is working with OpenSSF to improve open source security. OpenSSF's mission of securing the software supply chain is one of the key security issues of our time. We are proud to help the OpenSSF shape a more secure future, while training the next generation of cybersecurity professionals.

Justin Cappos, Associate Professor, Tandon Computer Science and Engineering Department at New York University

Open source software security is a top priority for AWS. That’s why we are deeply invested in multiple initiatives, including OpenSSF, to provide open source communities with the financial support, expertise, and resources they need to enhance the security of the software that we all rely on.

Mark Ryland, Director, Amazon Security at Amazon Web Services (AWS)

The OpenSSF plays a vital role in strengthening the security posture of open source software by bringing together open source developers and the industry to jointly create tools and methods for secure open source software development. Ericsson is a proud and committed supporter of the OpenSSF’s mission.

Per Beming, Head of Standard and Industry Initiatives, Ericsson

OpenSSF’s support, collaboration, and resources enable us to move forward confidently, ensuring that our innovations not only push boundaries but also uphold strong security standards. As a contributing OpenSSF member, we reinforce Intel’s dedication to advancing open source software security and creating trusted open solutions for the future.

Katherine Druckman, Open Source Security Evangelist, Intel Corporation