Blog

In April 2023 the US Cybersecurity and Infrastructure Agency (CISA), along with other government agencies inside and outside the US, released a paper emphasizing software secure-by-design principles and approaches. In…

Earlier this month we held a Tech Talk on Securing the Software Supply Chain: An In-Depth Exploration of SLSA. SLSA, or Supply-chain Levels for Software Artifacts, is an OpenSSF project…

The OpenSSF Day Japan agenda is now live! We have a great day of session presentations, panels, and lightning talks lined up on December 4th, colocated with Open Source Summit…

This week, CISA, FBI, NSA, and the US Department of the Treasury released guidance on Improving Security of Open Source Software (OSS) in Operational Technology (OT) and Industrial Control Systems…

Today, the OpenSSF Package Analysis team is excited to announce the launch of our Malicious Packages repository, the first open source system for collecting and publishing cross-ecosystem reports of malicious…

The OpenSSF is thrilled to announce the release of version 1.0 for the Security Insights Specification. Security Insights provides a mechanism for maintainers to provide information about their projects' security…

Open Source Software is used in critical infrastructure worldwide. As vulnerabilities like Looney Tunables, Rapid Reset, and the forthcoming cURL vulnerabilities are discovered, organizations must have a well-practiced incident response…

On September 18, 2023, we hosted OpenSSF Day Europe at the Open Source Summit Europe in Bilbao, Spain. Throughout the day, we hosted a number of sessions around the state…