Skip to main content
Category

Blog

OpenSSF Releases Top 10 Secure Software Development Guiding Principles

OpenSSF Releases Top 10 Secure Software Development Guiding Principles

By Blog

Today, we are excited to announce version 1.0 of the Secure Software Development Guiding Principles. These 10 principles describe a series of foundational practices that, if followed, can help provide better assurance and security for organizations leveraging them. Though aspirational, they provide a set of core practices that producers and suppliers of software can pledge to align with and follow throughout their development lifecycles helping create more secure software. 

Read More
Compiler Options Hardening Guide for C and C++

Strengthening the Fort 🏰: OpenSSF Releases Compiler Options Hardening Guide for C and C++

By Blog

In the fast-changing landscape of cybersecurity, OpenSSF has taken a significant step towards enhancing the security of C and C++ software. This effort addresses a persistent class of software defects that have affected software, including open source software (OSS), since the dawn of the Internet. By releasing a comprehensive “Compiler Options Hardening Guide for C and C++” the OpenSSF Best Practices Working Group aims to empower developers with the expertise and resources to build more secure C and C++ applications.

Read More
OpenSSF Sigstore Simplifying Code Signing for Open Source Ecosystems

Sigstore: Simplifying Code Signing for Open Source Ecosystems

By Blog, Sigstore

This month’s spotlight focuses on the Sigstore project. Digital signatures play a critical role in the software supply chain, by providing verifiable attributes of authentication, integrity, and non-repudiation of artifacts as they are distributed between consumers and producers. By ensuring that the origin of the software can be reliably traced back to its source, digital signatures also help establish a chain of trust, confirming that the software is from the claimed source. This is particularly crucial for build provenance, as it allows users to verify not just the integrity of the final artifact, but also the integrity of the entire build process, ensuring that the software was compiled and packaged within a specific environment.

Read More
OpenSSF Mission Vision Values Strategy

OpenSSF publishes Mission, Vision, Values, and Strategy

By Blog

The open source software (OSS) community is ever-changing, and the security of OSS rapidly evolves in parallel. This requires OpenSSF to regularly re-evaluate our focus and approach to intentionally improve OSS security.  Today the Open Source Security Foundation (OpenSSF) releases an updated Mission, Vision, Values and Strategy (MVS) for the foundation as approved by the Governing Board.

Read More
SBOM Consumption

Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers

By Blog

In an era where cyber threats continue to evolve, securing the software supply chain has become paramount for organizations globally. Recognizing the critical need for a robust framework, the US National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have collaborated to release a cybersecurity technical report titled “Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption.”

Read More
OpenSSF Guest Blog Editorial Review Panel

OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community

By Blog

Open source software (OSS) has grown exponentially in its adoption and usage in recent years, making its security a top priority. The Open Source Security Foundation (OpenSSF) recognizes the need to foster a community that shares knowledge, insights, and best practices to fortify OSS. With this in mind, we’re pleased to introduce the new OpenSSF Guest Blog Editorial Review Panel that will be focused on facilitating our guest blog initiative.

Read More