Case Studies

Case Study: Defending the Open Source Supply Chain in a New Regulatory Era

Blog Case Studies EU Cyber Resilience Act Compliance CRA Open Source Security Red Hat Supply Chain Integrity

Case Study: How LFX Insights and OSPS Baseline Validated GUAC’s Security in Under an Hour

Tools: GUAC, OSPS Baseline, LFX Insights Challenge: Demonstrating strong security posture quickly and credibly to stakeholders Solution: Leveraging Linux Foundation Insights (LFX Insights) and the Open Source Security Foundation (OpenSSF) Open Source Project Security Baseline (OSPS Baseline) for instant, standards-aligned validation Result: Saved significant time in verifying security practices, completing an independent standards-based assessment in…

Blog Case Studies case study Community GUAC Guest Blog LFX Linux Foundation OSPS Baseline

Case Study: Google Secures Machine Learning Models with sigstore

As machine learning (ML) evolves at lightning speed, so do the threats. The rise of large models like LLMs has accelerated innovation—but also introduced serious vulnerabilities. Data poisoning, model tampering, and unverifiable origins are not theoretical—they’re real risks that impact the entire ML supply chain.

Blog Case Studies Sigstore machine learning security Model Signing OpenSSF sigstore Supply Chain Security

Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership

Organization: Open Source Technology Improvement Fund, Inc. (OSTIF) Contributor: Amir Montazery, Managing Director Website: ostif.org Problem Critical open source software (OSS) projects—especially those that are long-standing and widely adopted—often lack...

Blog Case Studies Alpha-Omega Open Source Security OpenSSF OSTIF Project Funding Securing Critical Projects Security Audits

Case Study: Ericsson’s C/C++ Compiler Options Hardening Guide and OpenSSF Collaboration

Ericsson, a global leader in telecommunications and networking, has been deeply engaged in open source and software security for over a decade. Through its Open Source Program Office (OSPO), Ericsson...

Blog Case Studies C/C++ case study Ericsson open source collaboration OpenSSF Software Security

Case Study: Kusari’s Implementation of OpenSSF Tools and Services

Challenge For many years, the software supply chain has suffered from a lack of transparency and inefficient, unsustainable security management methods such as spreadsheets, emails, and word of mouth. The...

Blog Case Studies AllStar and SLSA GUAC Open Source OpenSSF SBOMit Security

Innovative Supply Chain Security for Enterprise Cloud Platform Service

This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC.

Blog Case Studies

OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open source software more safely.

Blog Case Studies Sigstore

Introducing Artifact Attestations—Now in Public Beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100 million developers building on GitHub, we want to ensure that developers have the tools needed to help protect the integrity of their…

Blog Case Studies Guest Blog

Intel OpenSSF Scorecard Secure Sofware Portfolio

How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio

Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. Intel currently uses Scorecard to…