In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded and at risk of shuttering its doors. This caused 24 hours of panic up and downstream, but that decision was quickly reversed as CISA stepped…
Open source is the backbone of today’s digital infrastructure—but with great power comes great responsibility. As cybersecurity threats grow in complexity and regulatory landscapes shift globally, open source projects are under increasing pressure to meet stringent security expectations.
We’re excited to share that the agenda for OpenSSF Community Day North America 2025 is now live! Join us on June 26 in Denver, Colorado, for a day filled with collaboration, technical insights, and future-focused conversations on securing the open source ecosystem.
We are pleased to announce the launch of version 1.0 of the model-signing project, an OpenSSF project developed in the past year as part of the OpenSSF AI/ML working group. The aim of the project is to provide a library and CLI for signing and verification of ML models, supporting any type of model format…
Datadog is a proud Open Source Security Foundation (OpenSSF) member, and we believe that being a part of this security community will lead us all to a safer place. Attackers are increasingly turning to supply chain attacks to distribute their malicious code, and the Open Source Vulnerabilities (OSV) database, to which OpenSSF is a leading…
On March 5th, the SBOMit community hosted the Beyond the SBOM: Ensuring Integrity with Attestations event at The National Press Club in Washington, D.C. This event, co-located with OpenSSF Policy Summit DC, brought together industry leaders to address the limitations of single SBOMs and even signed SBOMs in ensuring software supply chain security. Attendees explored…
The European Union’s Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EAA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available in Europe and the intention behind it is…
SAN FRANCISCO – March 18, 2024 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the publication of two groundbreaking research reports, both in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe (LF Europe), that explore community-driven strategies to address open source security and the European Union’s Cyber Resilience Act (CRA). Authored by…
