Blog

Advancing Rustls and Rust for Linux with OpenSSF Support

By Blog

Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This funding will further Prossimo’s efforts to bring memory safety to critical components of the Internet and further OpenSSF’s Alpha-Omega project’s mission to protect society by improving the security of open source software.


OpenSSF Welcomes New Members in Support of Securing Open Source Software

By Blog, Press Release

We welcome six new members from leading technology firms to the OpenSSF. New general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. New associate member, the Rust Foundation, also joins. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source communities in maintaining a healthy, vibrant, and secure open source ecosystem.

SLSA Tech Talk - Oct 5

Join us for an OpenSSF Tech Talk on SLSA

By Blog

Join us for an OpenSSF Tech Talk on SLSA. We’ll delve into the world of SLSA and its transformative impact on software supply chain security. You will get a comprehensive overview of SLSA and dig into SLSA fundamentals, trust and transparency in software artifacts, SLSA framework levels, the industry impact of SLSA, and more. You will have the unique opportunity to view a demo of SLSA and ask questions during the Q&A.


OpenSSF Releases Source Code Management Best Practices Guide

By Blog

We are excited to announce the release of the Source Code Management (SCM) Best Practices Guide by the Open Source Security Foundation (OpenSSF) Best Practices Working Group. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for SCM platforms, including GitHub and GitLab.


OpenSSF Gathers US Government and Industry Leaders at Secure Open Source Software Summit 2023

By Blog, Press Release

The OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among others with industry leaders at the Secure Open Source Software (SOSS) Summit 2023. Participants at the Summit discussed the security challenges for the consumption of OSS in critical infrastructure sectors and beyond and highlighted the shared responsibility needed to ensure the resilience of OSS in critical infrastructure.

CISA’s Open Source Software Security Roadmap

By Blog

We’re excited about the announcement of the US Cybersecurity and Infrastructure Security Agency (CISA)’s Open Source Software Security Roadmap. The Roadmap, released today, clearly articulates a risk assessment and implementation plan to help secure open source software (OSS) usage in the US Federal Government and private sector.


Behind the Scenes of the Alpha-Omega Summer Mentorship Program

By Blog

The Alpha-Omega Summer Mentorship Program recently wrapped up and was a resounding success. The program connected senior software security engineers with newcomers to open source, software development, and security research. Entry-level contributors had the opportunity to help accelerate Omega’s mission under the guidance of experienced mentors. Get a behind-the-scenes look at how the program unfolded from both the mentees and mentors.


VDR, VEX, OpenVEX and CSAF

By Blog

Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing practices such as VDR, CSAF, and emerging standards VEX and OpenVEX are playing a key role.
