Blog

📣 Submit your proposal: OpenSSF Community Days: Japan | India | Europe

Apr 17

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

By OpenSSF Blog, Guest Blog

OpenSSF Scorecard is a tool to help open source projects reduce software supply-chain risks. Scorecard analyzes projects against a series of heuristics and generates scores from 0–10 for the project…

Apr 16

Love0

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

By OpenSSF Blog, Press Release

The Open Source Security Foundation (OpenSSF), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), today announced…

Apr 15

Love0

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

By OpenSSF Blog, Press Release

The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from…

Apr 15

Love0

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

By OpenSSF Blog

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects…

Apr 15

Love0

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

By OpenSSF Blog

We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg…

Apr 12

Love0

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

By OpenSSF Blog

Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source…

Apr 11

Love0

“What’s in the SOSS?” Podcast is Now Live

By OpenSSF Blog

In our first podcast – Vincent Danen and the Art of Vulnerability Management, Omkhar Arasaratnam, General Manager of OpenSSF, talks to Vincent Danen, Vice President of Product Security at Red Hat,…

Apr 10

Love0

TTX_Securing_OSS_and_Empowering_Maintainers

Join us for a TTX: Securing OSS & Empowering Maintainers

By OpenSSF Blog

At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a…

Apr 04

Love0

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

By OpenSSF Blog, Guest Blog

The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to…

Mar 30

Love0

xz Backdoor CVE-2024-3094

By OpenSSF Blog

CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to…

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

“What’s in the SOSS?” Podcast is Now Live

Join us for a TTX: Securing OSS & Empowering Maintainers

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

xz Backdoor CVE-2024-3094

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox