At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a…
Read More
The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to…
Read More
CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to…
Read More
The OpenSSF was pleased to be one of the sponsors that helped contribute to the inaugural 2024 VulnCon conference that brought together experts from across industry, government, security researchers, and…
Read More
Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10.…
Read More
Empowering Women in Tech: An Interview on Angela Jeffrey’s Journey to Cybersecurity Interviewer: Omkhar Arasaratnam
Read More
Last week the community convened for the first OpenSSF Tech Talk of the year, shining a spotlight on OpenSSF Scorecard. OpenSSF Scorecard aids developers and open source consumers in assessing…
Read More
The CVE and FIRST VulnCon 2024 and Annual CNA Summit is set to take place in Raleigh, North Carolina, next week! The OpenSSF is delighted to support this initiative and…
Read More
Supply chain security took a giant leap forward this month as Sigstore officially became a graduated project within the Open Source Security Foundation (OpenSSF). This milestone is a testament to…
Read More
We're excited to announce the agenda for the Tabletop Exercise (TTX) at Secure Open Source Software (SOSS) Community Day NA in now live which will take place on April 15,…
Read More