The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit—marking a key milestone on its path to a stable 1.0.0 release.
In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded and at risk of shuttering its doors. This caused 24 hours of panic up and downstream, but that decision was quickly reversed as CISA stepped…
We are pleased to announce the launch of version 1.0 of the model-signing project, an OpenSSF project developed in the past year as part of the OpenSSF AI/ML working group. The aim of the project is to provide a library and CLI for signing and verification of ML models, supporting any type of model format…
Datadog is a proud Open Source Security Foundation (OpenSSF) member, and we believe that being a part of this security community will lead us all to a safer place. Attackers are increasingly turning to supply chain attacks to distribute their malicious code, and the Open Source Vulnerabilities (OSV) database, to which OpenSSF is a leading…
Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. Relying on the backbone of volunteers, vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor attack highlights just how fragile…
Open source components are consumed by over 90% of modern applications. Their omnipresence stems from their cost-effectiveness, flexibility, and collaborative nature, making them a cornerstone of contemporary software development. However, this widespread use also makes it a critical weak link in software security. Many open source projects are maintained by small teams or individual contributors…
OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database that hosts and aggregates OSV data.
Today, I’m excited to announce that Stacklok is contributing our Minder open source project to the Open Source Security Foundation (OpenSSF). Minder makes it simpler for developers and security teams to adopt a policy-based approach to open source software security; it reduces noise, alerts to risk only when necessary, auto-remediates inconsistencies and spans the entire…
Software security is a top priority, and understanding the components that make up your software is crucial. Software Bill of Materials (SBOMs) play a vital role in achieving this by providing a detailed list of these components and their relationships.
