Skip to main content
Category

Blog

OpenSSF Town Hall March 2023

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

By Blog

Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF, and participants had an opportunity to ask questions to panelists. If you were unable to attend, here are a few highlights from the meeting and where you can find more information.

Read More
SLSA Survey

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

By Blog

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.

Read More
OpenSSF SLSA 1.0 Release Candidate

Draft Version 1.0 of SLSA Open for Comments

By Blog

Supply-chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is an OpenSSF project that provides specifications for software supply chain security, established by industry consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor. Version 0.1 of the SLSA specification has been out for some time. We’ve been steadily working in public on updates to SLSA to have a “version 1.0” ready. Now, we have a draft version 1.0, and we’re seeking your final feedback.

Read More

How to Make High-Quality SBOMs

By Blog

The widespread use of software bill of materials (SBOMs) arguably depends on SBOM quality—that SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until recently, it has been difficult to measure SBOM quality. New SBOM quality tools, a new SBOM dataset, and new SBOM quality research changes this state of affairs though. What do these new tools, datasets, and research findings say about the current state of SBOM quality? And how can you make high-quality SBOMs?

Read More
OpenSSF Town Hall

See you at the next OpenSSF Town Hall on March 16th

By Blog

Are you interested in addressing open source software (OSS) security risk? Software Bill of Materials (SBOMs)? Diversity, Equity, and Inclusion (DEI) in OSS security? If so, plan to join us at our next OpenSSF Town Hall on Thursday, March 16th at 10 AM US/Pacific Time. During this virtual town hall, we will give you a tour of the OpenSSF, let you know what some of our projects have recently been working on, and walk you through how to get involved in our various initiatives.

Read More
Open Source Security Meetup, Hong Kong, March 1, 2023

Inaugural OpenSSF Hong Kong Meetup on March 1

By Blog

We’re delighted to announce the first-ever Open Source Security Foundation (OpenSSF) Meetup in Hong Kong! Whether you’re a member of technical staff or a business executive, if you want to hear the latest on the pressing challenges and leading initiatives in OSS security – please join us. All are welcome.

Read More
OpenSSF Board Welcome 2023

Congratulations to Newly Elected OpenSSF Governing Board Members

By Blog

We are excited to welcome newly elected Governing Board members of the OpenSSF: Tracy Miranda from Chainguard, Duane O’Brien from Indeed, and Stephen Chin from JFrog. The OpenSSF Governing Board is responsible for overall management of the OpenSSF, including approving major decisions, managing the budget, and establishing advisory bodies or committees to support the OpenSSF’s mission.

Read More
OpenSSF Day - May 10, 2023 - Vancouver

OpenSSF Day at Open Source Summit North America Call for Proposals

By Blog

We’re pleased to announce we are hosting OpenSSF Day at Open Source Summit North America on Wednesday, May 10th and the call for proposals is now open. The full day program will feature keynotes from Open Source Security Foundation (OpenSSF) contributors and thought leaders. This is your chance to meet fellow open source community members and get involved in securing the open source supply chain. 

Read More