Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a âbolt-onâ. That has rapidly changed over the last two…
SBOM Everywhere is a Special Interest Group (SIG) within the Security Tooling Working Group of the OpenSSF. In September we funded work on the SPDX Python library and are now…
Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF,…
Scorecard is becoming a key part of IBMâs review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues…
Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software…
Supply-chain Levels for Software Artifacts (SLSA, pronounced âsalsaâ) is an OpenSSF project that provides specifications for software supply chain security, established by industry consensus. SLSAâs framework is organized into a…
A new report by the Atlantic Councilâs Cyber Statecraft Initiative helps draw light on the question on what "open source as infrastructure" really means, and why it matters: Avoiding the…
The Open Source Security Foundation (OpenSSF) welcomes eight new members from leading technology firms. The total number of OpenSSF members is currently over 100 and organization membership saw an 88%…
The widespread use of software bill of materials (SBOMs) arguably depends on SBOM qualityâthat SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until…
Are you interested in addressing open source software (OSS) security risk? Software Bill of Materials (SBOMs)? Diversity, Equity, and Inclusion (DEI) in OSS security? If so, plan to join us…