Blog – Open Source Security Foundation

📚 FREE Security Course: Learn to Develop Secure Software With LFD121 📚 ENROLL NOW

Nov 11, 2024

The OpenSSF Armored Goose “Honk”: Advancing Open Source Security

Nov 4, 2024

How We Can Learn from Open Source Software to Address the Challenges of AI

Nov 1, 2024

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

Oct 29, 2024

OpenSSF Welcomes New Members and Introduces New Initiatives at SOSS Community Day Japan

Oct 29, 2024

OpenSSF Expands Secure Development Course with Interactive Labs

Oct 28, 2024

OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools

Oct 25, 2024

Cybersecurity Awareness Month 2024: Stay Secure, Stay Informed

Oct 24, 2024

Case Study: Kusari’s Implementation of OpenSSF Tools and Services

Oct 22, 2024

OpenSSF SOSS Fusion Conference Kicks off with Talks from Google and Cisco Executives

Oct 17, 2024

Developer Relations: The Human Connection Driving Open Source Security

Oct 16, 2024

OpenSSF Education Tech Talk Highlights & Future Opportunities

Oct 2, 2024

Recap on SOSS Community Day EU

Sep 26, 2024

OpenSSF Announces Key Themes of AI Security, Diversity and Open Source Public Policy at SOSS Fusion Conference

Sep 20, 2024

OpenSSF at Grace Hopper Celebration 2024: Advancing Diversity and Security in Open Source

Sep 19, 2024

OpenSSF Welcomes New Members and Presents Golden Egg Award at SOSS Community Day Europe

Sep 16, 2024

Join Us at the OSS Security Meetup in Tokyo, Japan

Sep 13, 2024

Must-Attend Sessions at SOSS Community Day EU and Open Source Summit Europe 2024

Sep 5, 2024

Simplify SBOM Management for Developers: Introducing Bomctl

Sep 4, 2024

Prioritizing Security: Key Findings from the OpenSSF Survey for Financial Institutions

Aug 28, 2024

AIxCC Semifinals at DEF CON Showcase AI’s Potential in Securing Critical OSS Projects

Aug 27, 2024

Innovative Supply Chain Security for Enterprise Cloud Platform Service

Aug 19, 2024

A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It

Aug 15, 2024

GUAC v0.8.0 Released

Aug 14, 2024

Announcing SigstoreCon: Supply Chain Day!

Aug 12, 2024

Mitigating Attack Vectors in GitHub Workflows

Aug 8, 2024

Call for Proposals: SOSS Community Day Japan 2024

Aug 8, 2024

What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

Aug 6, 2024

OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF

Aug 5, 2024

New Guide for Package Repositories to Adopt Trusted Publishers

Jul 31, 2024

Neo Malware: Malicious Open Source Packages

Jul 31, 2024

How to Make Programming Language Package Repositories More Secure

Jul 30, 2024

Datadog Joins Open Source Security Foundation (OpenSSF)

Jul 24, 2024

SOSS Community Day EU Agenda Now Live!

Jul 24, 2024

SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program

Jul 23, 2024

Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher “CRob” Robinson

Jul 19, 2024

Recognizing Excellence in OSS Community: Golden Egg Award Nominations Are Now Open!

Jul 17, 2024

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 2

Jul 17, 2024

The Linux Foundation and OpenSSF Release Report on the State of Education in Secure Software Development

Jul 10, 2024

AI Cyber Challenge (AIxCC) and the Needle Linux Kernel Vulnerability – Part 1

Jul 8, 2024

Learn How To Develop Secure Software!

Jul 5, 2024

Why are Organizations Struggling to Implement Secure Software Development?

Jul 3, 2024

Chainguard Enhances Security With OSV Advisory Feed

Jun 28, 2024

Improving OpenSSF Scorecard Scores: StepSecurity Automation for Four Key Checks

Jun 26, 2024

A Deep Dive into SBOMit and Attestations

Jun 21, 2024

An Open Source Approach to Threat Mitigation in AWS

Jun 18, 2024

Know Your Regular Expressions: Securing Input Validation Across Languages

Jun 18, 2024

Open Source Security Foundation Launches “What’s in the SOSS?” Podcast

Jun 17, 2024

July in NYC: Join Us at the United Nations’ (UN’s) OSPOs for Good 2024 Conference & the “What’s Next for Open Source?” Event

Jun 14, 2024

OpenSSF GUAC Tech Talk Highlights

Jun 11, 2024

Ubuntu Security Notices Now Available in OSV

Jun 4, 2024

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Jun 3, 2024

Final Call: Submit your Technical Initiatives (TI) Funding Request by June 7th, 2024

May 31, 2024

The OSS Security Adventure: Exploring the Frontlines of OSS Security through SOSS Policy Summit, RSA Conference, and Japan Meetup

May 30, 2024

Beyond the OpenSSF: An Introduction to Other Security Efforts Across the Linux Foundation

May 29, 2024

The Opportunity for DEI Participation in the Security Industry (And OpenSSF)

May 24, 2024

Introducing Artifact Attestations—Now in Public Beta

May 22, 2024

OpenSSF Joins Open Source Consortium To Define E.U. CRA Security Specifications

May 20, 2024

Enhancing Open Source Security: Introducing Siren by OpenSSF

May 17, 2024

Where Does Your Software (Really) Come From?

May 16, 2024

Join Our Upcoming OpenSSF Tech Talk: Proactive Supply Chain Security with GUAC

May 14, 2024

Call for Proposals: Submit to Speak at SOSS Community Day Europe

May 13, 2024

Unlock the Keys to Improved Software Security

May 8, 2024

DruBOM: An SBOM for Drupal

May 2, 2024

Recap of SOSS Community Day North America 2024

May 1, 2024

OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024

Apr 24, 2024

Spotlight on the OpenSSF AI/ML Working Group

Apr 22, 2024

Join Us at the OSS Security Meetup in Tokyo, Japan With General Manager Omkhar + SOSS Community Day North America Event Report

Apr 17, 2024

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

Apr 16, 2024

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

Apr 15, 2024

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Apr 15, 2024

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Apr 15, 2024

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

Apr 12, 2024

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

Apr 11, 2024

“What’s in the SOSS?” Podcast is Now Live

Apr 10, 2024

Join us for a TTX: Securing OSS & Empowering Maintainers

Apr 4, 2024

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

Mar 30, 2024

xz Backdoor CVE-2024-3094

Mar 29, 2024

VulnCon 2024 Wrap-up: Securing the Ecosystem through Global Cooperation

Mar 25, 2024

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

Mar 22, 2024

Empowering Women in Tech: An Interview on Angela Jeffrey’s Journey to Cybersecurity

Mar 21, 2024

OpenSSF Scorecard Tech Talk Highlights

Mar 20, 2024

Driving Change Together: The OpenSSF Takes On VulnCon

Mar 20, 2024

Sigstore Graduates: A Monumental Step Towards Secure Software Supply Chains

Mar 19, 2024

Join OpenSSF for our First Tabletop Exercise (TTX) at SOSS Community Day North America

Mar 19, 2024

How OpenSSF Technical Initiatives Can Receive Strategic Funding

Mar 18, 2024

OpenSSF Releases Plan for Improving Software Developer Security Education

Mar 15, 2024

The India Initiative: An OpenSSF Awareness Program for a Secure Future

Mar 14, 2024

OpenSSF Marketing Advisory Council Aims to Shape the Future of Open Source Security Advocacy

Mar 11, 2024

Participate in Our Survey on Secure Software Development Education!

Mar 7, 2024

OpenSSF and CISA Join Forces to Secure Open Source Software

Mar 7, 2024

Graph for Understanding Artifact Composition (GUAC): Joins OpenSSF as Incubating Project

Mar 5, 2024

OpenSSF Scorecard: Evaluating and Improving the Health of Critical OSS Projects

Mar 4, 2024

Come to First OpenSSF Tech Talk of the Year on Scorecard

Mar 4, 2024

OpenSSF, Linux Foundation Training & Certification, and CNCF Announce Scholarships to Support Women in Jordan Entering the Cybersecurity Field in Collaboration with US White House National Security Council

Feb 27, 2024

Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community

Feb 26, 2024

SOSS Community Day North America (NA) Agenda Live

Feb 26, 2024

OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software

Feb 21, 2024

Submit to Speak at SOSS Fusion 2024

Feb 20, 2024

OpenSSF Responds to US CISA RFI on Cybersecurity Risk and Secure by Design Software

Feb 16, 2024

Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing

Feb 16, 2024

Alpha-Omega 2023 Annual Report

Feb 14, 2024

Linux Kernel Achieves CVE Numbering Authority Status

Feb 13, 2024

Announcing the First Ever SOSS Fusion Conference: How You Can Get Involved

Feb 12, 2024

OpenSSF Participates in Department of Commerce Consortium Dedicated to AI Safety

Feb 8, 2024

OpenSSF Securing Software Repositories Working Group Releases Principles for Package Repository Security

Feb 6, 2024

Time is of the Essence to Mitigate Vulnerabilities like Leaky Vessels

Feb 6, 2024

Post-Quantum Cryptography Alliance Launch

Feb 5, 2024

CVE-2023-6246 Root Access Vulnerability in glibc

Feb 2, 2024

OpenSSF Champions a More Secure Future in Collaboration with Public Sector

Jan 31, 2024

Maintainer Motivations, Challenges, and Best Practices on Open Source Software Security

Jan 24, 2024

OSS Security Sessions & FOSDEM Survival Guide

Jan 18, 2024

Introducing gittuf: A Security Layer for Git Repositories

Jan 11, 2024

Submit to Speak at SOSS Community Day North America 2024

Jan 4, 2024

OpenSSF Election Results for Technical Advisory Council and Representatives to the Governing Board

Dec 21, 2023

Recap of OpenSSF Day Japan

Dec 20, 2023

OpenVEX and Open Source Vulnerability Scanners: How the Dynamic Duo Improves Vulnerability Management

Dec 19, 2023

Deconstructing the AI Cyber Challenge (AIxCC)

Dec 19, 2023

What’s Next in Open Source Security?

Dec 18, 2023

2023 Year in Review: OpenSSF Publishes Annual Report

Dec 16, 2023

OpenSSF Expands Support for AI Cyber Challenge (AIxCC)

Dec 15, 2023

Strengthening Cybersecurity: NSA and ESF Partners Advocate Open Source Software Security with SBOM Emphasis

Dec 13, 2023

Introducing SBOMit: Adding Verification to SBOMs

Dec 12, 2023

OpenSSF End Users Working Group: Representing the Interests of Open Source Software Consumers

Dec 11, 2023

OpenSSF Responds to the CISA RFC on Software Identification Ecosystem Analysis

Dec 5, 2023

Finding And Fixing Bugs in Open Source Software at Scale with a Grant from Alpha-Omega

Dec 3, 2023

OpenSSF Announces New Members, Guiding Software Security Principles at OpenSSF Day Japan

Dec 3, 2023

OpenSSF Releases Top 10 Secure Software Development Guiding Principles

Nov 29, 2023

Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++

Nov 28, 2023

Cybersecurity in Energy Infrastructure: The Value of Open Source Software

Nov 27, 2023

OpenSSF introduces guide to becoming a CVE Numbering Authority as an Open Source project

Nov 21, 2023

Sigstore: Simplifying Code Signing for Open Source Ecosystems

Nov 20, 2023

OpenSSF publishes Mission, Vision, Values, and Strategy

Nov 17, 2023

Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers

Nov 16, 2023

OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community

Nov 15, 2023

Alpha-Omega to Continue Support of Rust Foundation Security Initiative in 2024

Nov 14, 2023

OpenSSF Supports oss-security and (linux-)distros Mailing Lists

Nov 9, 2023

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

Nov 8, 2023

OpenSSF Responds to US Federal Government RFI on Open Source Software Security

Nov 6, 2023

Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2

Nov 2, 2023

OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

Nov 2, 2023

Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development

Nov 1, 2023

US White House Executive Order on Safe, Secure, and Trustworthy AI

Nov 1, 2023

OpenJS Foundation Warns Consumer Privacy and Security at Risk in Three-Quarters of a Billion Websites

Oct 31, 2023

OpenSSF Identifying Security Threats Working Group: Evaluating the Health of Open Source Projects

Oct 30, 2023

Safeguarding Your Data – How to Harden Your Systems

Oct 26, 2023

3 New Express Learning Courses on Security for Cloud Pros

Oct 24, 2023

OpenSSF Launches Security Job Board for the Community

Oct 23, 2023

Secure by Design: Guidance from Governments

Oct 20, 2023

SLSA Tech Talk Highlights

Oct 18, 2023

OpenSSF Day Japan Agenda Now Live

Oct 17, 2023

OpenSSF Welcomes New Governing Board Chair, Arun Gupta

Oct 16, 2023

Reflections on 2023 Milestones from Two-Term Board Chair, Jamie Thomas

Oct 13, 2023

US Government Fact Sheet on Improving Security of Open Source Software in Operational Technology and Industrial Control Systems (OT / ICS)

Oct 12, 2023

Introducing OpenSSF’s Malicious Packages Repository

Oct 11, 2023

OpenSSF introduces the Specification Security Insights 1.0

Oct 10, 2023

HTTP/2 Rapid Reset Vulnerability Highlights Need for Rapid Response

Oct 9, 2023

Recap of OpenSSF Day Europe

Oct 3, 2023

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

Oct 2, 2023

OpenSSF Welcomes New Chief Architect, Dana Wang

Sep 29, 2023

Announcing sigstore-python 2.0

Sep 28, 2023

OpenSSF Securing Critical Projects Working Group: Identifying and Helping Improve Top Open Source Projects

Sep 27, 2023

Threat Modeling the Supply Chain for Software Consumers

Sep 18, 2023

Advancing Rustls and Rust for Linux with OpenSSF Support

Sep 18, 2023

OpenSSF Welcomes New Members in Support of Securing Open Source Software

Sep 15, 2023

Join us for an OpenSSF Tech Talk on SLSA

Sep 14, 2023

What You Need to Know About the Linux Foundation’s New Vulnerability Reporting Policy

Sep 14, 2023

OpenSSF Releases Source Code Management Best Practices Guide

Sep 13, 2023

OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023

Sep 12, 2023

CISA’s Open Source Software Security Roadmap

Sep 11, 2023

Sessions Not to Miss at Open Source Summit and OpenSSF Day Europe

Sep 8, 2023

Behind the Scenes of the Alpha-Omega Summer Mentorship Program

Sep 7, 2023

VDR, VEX, OpenVEX and CSAF

Sep 6, 2023

Strengthening Open Source Software: Best Practices for Enhanced Security

Aug 31, 2023

Introducing RSTUF, Repository Service for TUF

Aug 30, 2023

OpenSSF Securing Software Repositories Working Group: Repositories, Registries, and Tools

Aug 28, 2023

Submit to Speak at OpenSSF Day Japan

Aug 28, 2023

OpenSSF Scorecard Launches v4.12 with Support for GitLab

Aug 25, 2023

What You Need to Know About the US Federal Government’s RFI on Open Source Software Security

Aug 24, 2023

Join Us in Adopting the Open Source Consumption Manifesto

Aug 18, 2023

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

Aug 9, 2023

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

Jul 28, 2023

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

Jul 27, 2023

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

Jul 21, 2023

Manage how you protect your assets at scale with SBOMs

Jul 20, 2023

Fuzz Introspector: optimizing fuzzing workflows

Jul 19, 2023

OpenSSF Day Europe Agenda Now Live

Jun 30, 2023

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

Jun 22, 2023

PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega

Jun 20, 2023

Why SBOM Generators Need to Accurately Represent Open Source Licenses

Jun 7, 2023

OpenSSF Day at Open Source Summit Europe: Call for Proposals Now Open

May 31, 2023

OpenSSF Supply Chain Integrity Working Group Provides Security Guidance, Practical Frameworks, and Tools

May 30, 2023

Inaugural Open Source Security Singapore Meetup

May 30, 2023

Meet New OpenSSF GM Omkhar Arasaratnam

May 26, 2023

Takeaways from OpenSSF Day North America

May 24, 2023

Exploring the Latest Advances in SBOMs from the Devroom

May 17, 2023

We Want to Hear from You: Take the OpenSSF Software Security Awareness Survey

May 10, 2023

OpenSSF Welcomes New Members, Veteran Cybersecurity Expert as General Manager, and New Funding

May 4, 2023

Sessions You Won’t Want to Miss at Open Source Summit and OpenSSF Day NA

May 3, 2023

How I Got Involved with the OpenSSF

May 2, 2023

Getting to know the Open Source Vulnerability (OSV) format

Apr 26, 2023

Join Us at the OSS Security Meetup in Tokyo, Japan

Apr 26, 2023

OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative

Apr 19, 2023

OpenSSF Announces SLSA Version 1.0 Release

Apr 17, 2023

Distinguish between source and vendor

Apr 14, 2023

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

Apr 12, 2023

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

Apr 6, 2023

SBOMs, So Far, So Good, So What?

Apr 5, 2023

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

Apr 4, 2023

Taking the Pulse of Leading Software Repositories’ Security

Mar 30, 2023

Clarifying Sigstore Terms of Use

Mar 29, 2023

OpenSSF Day North America Agenda Now Live

Mar 28, 2023

The Role of Foundations in Securing OSS

Mar 27, 2023

SBOM Everywhere Update and Python SPDX-Tools

Mar 22, 2023

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

Mar 20, 2023

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

Mar 15, 2023

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

Mar 9, 2023

Draft Version 1.0 of SLSA Open for Comments

Mar 8, 2023

Why Open Source is Infrastructure, and Why it Matters

Mar 7, 2023

OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security

Mar 2, 2023

How to Make High-Quality SBOMs

Feb 22, 2023

See you at the next OpenSSF Town Hall on March 16th

Feb 21, 2023

Inaugural OpenSSF Hong Kong Meetup on March 1

Feb 17, 2023

Congratulations to Newly Elected OpenSSF Governing Board Members

Feb 16, 2023

OpenSSF Day at Open Source Summit North America Call for Proposals

Feb 14, 2023

Spotlight on OpenSSF Board Member: Vincent Danen, Vice President of Product Security, Red Hat

Feb 5, 2023

Join Us at the First OSS Security Meetup in Tokyo, Japan

Feb 1, 2023

Independent Security Audit Impact Report

Jan 26, 2023

Talking OSS Security in Europe this February

Jan 25, 2023

10 Sessions Not to Miss at CloudNativeSecurityCon

Jan 18, 2023

Spotlight on OpenSSF Board Member: Tracy Ragan, CEO, DeployHub

Dec 29, 2022

OpenSSF Year in Review

Dec 28, 2022

Engaging Policy Makers and the Ecosystem on Open Source Software Globally

Dec 22, 2022

Takeaways from OpenSSF Day Japan

Dec 15, 2022

Avoiding the Next Log4Shell: Learning from the Log4j Event, One Year Later

Dec 14, 2022

Alpha-Omega Project First Year In Review, Plus New Funding Pledge

Dec 8, 2022

Apples and apples? Comparing Approaches to Measuring Criticality and Risk at the OpenSSF

Dec 4, 2022

OpenSSF Membership Exceeds 100 with Many New Members Dedicated to Securing Open Source Software

Dec 4, 2022

Free OpenSSF Developing Secure Software Training Course Now Available in Japanese

Dec 1, 2022

Join Us For OpenSSF Day at Open Source Summit Japan

Nov 22, 2022

Contributor Q&A with Christopher “CRob” Robinson, Director of Security Communications, Intel Corporation

Nov 16, 2022

OpenSSF Expands Supply Chain Integrity Efforts with S2C2F

Nov 15, 2022

SigstoreCon Highlights

Nov 9, 2022

Meet a Maintainer: Naveen Srinivasan, Software Engineer, Endor Labs

Nov 1, 2022

Meet a Maintainer: Luke Hinds, Security Engineering Lead, OCTO, Red Hat

Oct 25, 2022

Sigstore Announces General Availability at SigstoreCon

Oct 24, 2022

OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web

Oct 20, 2022

Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security

Oct 19, 2022

Contributor Q&A with Melba Lopez, STSM – Supply Chain Security, IBM

Oct 12, 2022

Meet a Maintainer: Q&A with Priya Wadhwa, Software Engineer, Chainguard

Oct 11, 2022

Securing Open Source Software is Securing Critical Infrastructure

Oct 10, 2022

OpenUK and OpenSSF Announce Open Source Security and Community Curation Event Schedule

Oct 5, 2022

New Meet a Maintainer Series: Q&A with Azeem Shaikh, Senior Software Engineer, Google

Sep 29, 2022

How OSPOs Can Be a Key Lever for Open Source Sustainability and Security

Sep 28, 2022

OpenSSF Day at Open Source Summit Europe Highlights

Sep 27, 2022

The United States Securing Open Source Software Act: What You Need to Know

Sep 27, 2022

First-Ever SigstoreCon at KubeCon + CloudNativeCon North America 2022

Sep 13, 2022

Funding Python SPDX Development with the OpenSSF and SBOM Everywhere

Sep 13, 2022

Coordination is Key! The OpenSSF’s CVD Guide for Finders

Sep 13, 2022

Introducing New Concise Guides for Developing More Secure Software and Evaluating Open Source Software

Sep 13, 2022

Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain

Sep 13, 2022

Introducing the New OpenSSF End Users Working Group

Sep 8, 2022

Show Off Your Security Score: Announcing Scorecards Badges

Sep 1, 2022

npm Best Practices for the Supply-Chain

Aug 24, 2022

Outcomes from Open Source Software Security Summit in Japan

Aug 24, 2022

Capital One Joins Open Source Security Foundation

Aug 22, 2022

Upleveling Everybody to Secure the OSS Supply Chain – OpenSSF August Town Hall Highlights

Aug 15, 2022

Announcing OpenSSF Day at Open Source Summit Europe

Aug 11, 2022

Secure Coding Practice – A Developer’s Learning Experience of Developing Secure Software Course

Aug 2, 2022

Get Up to Speed with OpenSSF at Next Virtual Town Hall

Jul 26, 2022

Take Survey to Help Improve Software Supply Chain Integrity Practices

Jul 22, 2022

Join Us at the First OpenSSF Open Source Security Meetup in India

Jul 20, 2022

OpenSSF Supports Movements toward Multi-Factor Authentication

Jul 19, 2022

OpenSSF Day Videos Now Available from Open Source Summit North America

Jul 18, 2022

Results of Sigstore and slf4j Security Audits Including 1 High Risk Vulnerability Found and Fixed

Jun 22, 2022

Free Training Course Teaches How to Secure a Software Supply Chain with Sigstore

Jun 21, 2022

State of Open Source Security 2022 from Snyk & the Linux Foundation

Jun 20, 2022

New Untold Stories of Open Source Podcast Features OpenSSF’s Brian Behlendorf on his Journey to Securing the FOSS Software Supply Chain

Jun 20, 2022

OpenSSF Makes Secure Software Development Training Available on Organizations’ Learning Management Systems

Jun 20, 2022

OpenSSF Funds Python and Eclipse Foundations and Acquires SOS.dev through Alpha-Omega Project

Jun 9, 2022

Introducing Fuzz Introspector, an OpenSSF Tool to Improve Fuzzing Coverage

May 11, 2022

Testimony to the US House Committee on Science and Technology

Apr 28, 2022

Introducing Package Analysis: Scanning open source packages for malicious behavior

Apr 19, 2022

Your Favorite Software Repositories, Now Working Together

Apr 18, 2022

OpenSSF Selects Node.js as Initial Project to Improve Supply Chain Security

Mar 30, 2022

Free Developing Secure Software Training Course From OpenSSF Now Available

Mar 17, 2022

Open Source is Global, So OpenSSF Must Be Too

Feb 2, 2022

OpenSSF Webinar: Introduction to Project Alpha-Omega

Jan 19, 2022

Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4

Jan 13, 2022

The OpenSSF and the Linux Foundation Address Software Supply Chain Security Challenges at White House Summit

Dec 16, 2021

Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble

Dec 10, 2021

Securing Critical Open Source Projects with Multifactor Authentication

Nov 15, 2021

November Town Hall Recording

Oct 25, 2021

OpenSSF Quarterly Town Hall Announcement – UPDATED

Oct 13, 2021

The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains

Sep 27, 2021

Announcing the OpenSSF Vulnerability Disclosure WG guide to disclosure for OSS projects

Aug 11, 2021

Introducing the Allstar GitHub App

Jul 28, 2021

July 2021 Update – New members and new resources for Best Practices and Vulnerability Disclosures underway

May 14, 2021

How LF communities enable security measures required by the US Executive Order on Cybersecurity

May 5, 2021

Introducing the Security Reviews Initiative

May 4, 2021

May 2021 Update: OpenSSF Unveils New Security Initiative

May 3, 2021

Introducing the Security Metrics Initiative

Apr 14, 2021

Upcoming OpenSSF Town Hall on May 3, 2021

Feb 3, 2021

Upcoming OpenSSF Town Hall on February 22

Jan 28, 2021

January 2021 Update: New Technical Vision Informs Working Group Progress

Jan 27, 2021

Digital Identity Attestation Roundup

Dec 9, 2020

Introducing the OpenSSF CVE Benchmark

Nov 23, 2020

OpenSSF Town Hall Recording: Now Available!

Nov 6, 2020

Security Scorecards for Open Source Projects

Oct 29, 2020

Announcing: Secure Software Development EdX course, Sign Up Today!

Oct 21, 2020

OpenSSF Public Town Hall – November 9 2020, 10am Pacific

Oct 7, 2020

OpenSSF seeks Security Community Individual Representative for Governing Board

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.