Category

Blog


OpenSSF Responds to US Federal Government RFI on Open Source Software Security

By Blog

The OpenSSF has submitted a response to the Request For Information (RFI) on open source software (OSS) security and memory safe programming languages from the US White House Office of the National Cyber Director (ONCD) and its partners in the Open-Source Software Security Initiative (OS3I). We have thoroughly reviewed the requirements outlined in the RFI and have crafted our proposal to effectively address the needs and challenges specified. We believe that our unique skill set and deep understanding of the domain make us an ideal partner for this endeavor. 


OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

By Blog

The organizations that build and secure the Internet are concerned about proposed EU regulations that aim to mandate that all Web browsers recognize a new form of certificate for the purposes of authenticating websites. To support Mozilla’s position on eIDAS regulation and the organization’s multi-year effort to avert a potential policy disaster for cryptography in Articles 45 and 45a of the proposed eIDAS provisions, OpenSSF has co-signed the Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation. Those provisions are likely to weaken the security of the Internet as a whole.


Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development 

By Blog, Press Release

Linux Foundation Training & Certification, ISC2, and Open Source Security Foundation (OpenSSF) today announced a new collaboration to empower the open source cybersecurity community through secure software development, knowledge sharing, education, certification and much more. Together, the three organizations will lead the way to secure software development and lifecycle management for open source code.


US White House Executive Order on Safe, Secure, and Trustworthy AI

By Blog

The Biden-Harris Administration issued a landmark Executive Order on developing Artificial Intelligence (AI), harnessing the power of AI responsibly, and managing the risks of AI. Executive Order 14110 directs actions for new standards on AI safety, security, privacy protection, equity and civil rights advancement, consumer and worker protection, and more.


OpenJS Foundation Warns Consumer Privacy and Security at Risk in Three-Quarters of a Billion Websites

By Blog, Press Release

Global web infrastructure is in a precarious position, according to new research by the OpenJS Foundation made possible by an OpenSSF grant. The OpenJS Foundation is announcing the results of an end-user audit based on an IDC survey that shows three-quarters of a billion websites are running out-of-date software, with most capturing personal and financial information. Over one-third of respondents confirm having experienced a security incident in the last 24 months.


Safeguarding Your Data – How to Harden Your Systems

By Blog, Guest Blog

In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As data has become critical, it is also more at risk from theft or attacks like ransomware. According to IBM, the average data breach cost worldwide is now more than US $4.4M.


3 New Express Learning Courses on Security for Cloud Pros

By Blog

Security is the key theme throughout the three new free Express Learning courses launched by Linux Foundation Training & Certification for cloud professionals. The courses include: Security Self-Assessments for Open Source Projects (LFEL1005), Securing Projects with OpenSSF Scorecard (LFEL1006), Automating Supply Chain Security: SBOMs and Signatures (LFEL1007).


OpenSSF Launches Security Job Board for the Community

By Blog

We are excited to announce the launch of the OpenSSF Security Job Board. This job board is meant to serve the community in two ways: allowing developers to view top-notch jobs in the security space and helping companies hire great people. By making the best security jobs easily accessible in one place, we aim to improve Diversity, Equity, and Inclusion (DEI) in the open source software (OSS) security community. 
