Blog

📣 Submit your proposal: OpenSSF Community Day Korea

Sep 13

Funding Python SPDX Development with the OpenSSF and SBOM Everywhere

By OpenSSF Blog

SBOM Everywhere, as the name suggests, is working towards bringing SBOMs to all of open source in a way that is non disruptive. The first effort of the SBOM Everywhere…

Sep 13

Love0

Coordination is Key! The OpenSSF’s CVD Guide for Finders

By OpenSSF Blog

The Vulnerability Disclosures Working Group is proud to unveil the next evolution in improving open source coordination of vulnerability disclosures by crafting a new guide focused on the Security researcher…

Sep 13

Love0

Concise Guides OpenSSF - Developing More Secure Software Evaluating Open Source Software

Introducing New Concise Guides for Developing More Secure Software and Evaluating Open Source Software

By OpenSSF Blog

In response to the growing concern around open source software development, OpenSSF’s Best Practices for Open Source Developers Working Group (WG) has been diligently working with concerned members and community…

Sep 13

Love0

Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain

By OpenSSF Alpha-Omega, Blog

As part of the OpenSSF’s continued investment in critical open-source projects, we are happy to announce new partnerships and tooling from the Alpha-Omega Project. Alpha-Omega will sponsor critical security work…

Sep 13

Love0

Introducing the New OpenSSF End Users Working Group

By OpenSSF Blog

OpenSSF is excited to announce its newest WG (Working Group), the End Users WG. This WG will focus on representing and addressing the challenges enterprises face when adopting (and using)…

Sep 08

Love0

Show Off Your Score OpenSSF Security Scorecards

Show Off Your Security Score: Announcing Scorecards Badges

By OpenSSF Blog

We are excited to release new features from the Scorecards project, the OpenSSF tool that helps maintainers follow best security practices. The Scorecards GitHub Action now supports a REST API…

Sep 01

Love0

npm Best Practices for the Supply-Chain

By OpenSSF Blog

We are excited to announce the v1 release of the “npm Best Practices,” a new guide focused on dependency management and supply chain security for npm. This release is the…

Aug 24

Love0

Open Source Software Security Summit Japan

Outcomes from Open Source Software Security Summit in Japan

By Brian Behlendorf Blog

On August 23rd, we at the OpenSSF and Linux Foundation Japan hosted the Open Source Security Summit Japan. We were joined by senior cybersecurity representatives from more than 20 leading…

Aug 24

Love0

Capital One Joins Open Source Security Foundation

By OpenSSF Blog, Press Release

Capital One joins the Open Source Security Foundation (OpenSSF) as a premier member affirming its commitment to strengthening the open source software supply chain. OpenSSF is a cross-industry organization hosted…

Aug 22

Love0

Upleveling Everybody to Secure the OSS Supply Chain – OpenSSF August Town Hall Highlights

By jbly Blog

The August OpenSSF Town Hall brought together the open source community to hear the latest and greatest about the work going on to secure the open source software supply chain.…

Funding Python SPDX Development with the OpenSSF and SBOM Everywhere

Coordination is Key! The OpenSSF’s CVD Guide for Finders

Introducing New Concise Guides for Developing More Secure Software and Evaluating Open Source Software

Alpha-Omega Project Announces Over $1.5M in Grants to Critical Open Source Projects and New Omega Analysis Toolchain

Introducing the New OpenSSF End Users Working Group

Show Off Your Security Score: Announcing Scorecards Badges

npm Best Practices for the Supply-Chain

Outcomes from Open Source Software Security Summit in Japan

Capital One Joins Open Source Security Foundation

Upleveling Everybody to Secure the OSS Supply Chain – OpenSSF August Town Hall Highlights

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox