Skip to main content
Category

Blog

OpenSSF Vulnerability Disclosures Working Group

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

By Blog

The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability disclosure and coordination practices and help share information on vulnerability information. The group is highly involved with the ecosystem and with the standards and tools that help make vulnerability disclosure work. There are a multitude of ways to get involved in the community and have an impact on the industry!

Read More
Manage how you protect your assets at scale with SBOMs

Manage how you protect your assets at scale with SBOMs

By Blog

While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions based on a given SBOM for it to be a useful endeavor. Otherwise, we’re just adding more to the pile of potentially useful but not entirely actionable data that plagues many cybersecurity programs. As the supply chain for software continues to grow in complexity, and as attacks on those components grow, SBOMs will provide the groundwork to manage how those assets get protected at scale.

Read More
OpenSSF Fuzz Introspector

Fuzz Introspector: optimizing fuzzing workflows

By Blog

Fuzz Introspector is an open source tool that at its core provides insights and suggestions for improvements on how a given project is being fuzzed. In this blog post we present background information and updates on Fuzz Introspector, which is developed in a collaboration between OpenSSF and Google’s OSS-Fuzz.

Read More
OpenSSF Day EU Agenda Live

OpenSSF Day Europe Agenda Now Live

By Blog

The OpenSSF Day Europe agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on September 18th, colocated with Open Source Summit Europe in Bilbao, Spain. Plan to join us to discuss the latest and greatest in ongoing efforts to secure the open source software supply chain.

Read More

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

By Blog

This month, we present a spotlight on the SBOM Everywhere initiative, housed under the OpenSSF Security Tooling Working Group. The mission of the Security Tooling Working Group is to identify, evaluate, improve, develop & ease deployment of universally-accessible, developer focused tooling to help the open source community secure their code.

Read More
OpenSSF Day EU CFP is Open Now

OpenSSF Day at Open Source Summit Europe: Call for Proposals Now Open

By Blog

We’re pleased to announce we are hosting OpenSSF Day at Open Source Summit Europe on Monday, September 18th and the call for proposals is now open. The full day program will feature keynotes from Open Source Security Foundation (OpenSSF) contributors and thought leaders. This is your chance to meet fellow open source community members and get involved in securing the open source supply chain. 

Read More

OpenSSF Supply Chain Integrity Working Group Provides Security Guidance, Practical Frameworks, and Tools

By Blog

Within the OpenSSF Supply Chain Integrity Working Group (SCI WG), we’re hosting a global community of individuals and organizations collaborating on scalable standardized attestable practices for supply chain security. Along the way we’re developing a shared vocabulary for the industry, a common problem model, and uniform frameworks spanning languages and ecosystems.

Read More