We’re excited to announce the release of the OpenSSF 2024 Annual Report, highlighting a year of significant progress, collaboration, and impact within the open source software (OSS) ecosystem. From new member milestones to groundbreaking initiatives, this report captures the collective achievements of our projects, working groups, and vibrant community. Here’s a glimpse of what you’ll…
SAN FRANCISCO, Dec. 4, 2024 -- The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the release of "Census III of Free and Open Source Software – Application Libraries" (Census III) in collaboration with the Laboratory for Innovation Science at Harvard. The study identifies the most widely-used free and open source software (FOSS) as application…
Open Source Security Foundation (OpenSSF), with its focus on securing open source software, plays a pivotal role in establishing best practices for developing secure AI systems. In 2024, the OpenSSF AI/ML Working Group launched a new project focused on model signing. This initiative is developing a proof of concept for model signing with Sigstore, aimed at enhancing…
With publishing as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) enters into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. The CRA will obligate all products with digital elements, including their remote data processing, put on…
The Open Source Security Foundation (OpenSSF) logo presents a compelling visual narrative featuring “Honk”, an armored goose holding a shield. This unique and creative mascot perfectly embodies the foundation's mission in open source security. Why the goose?
With the development of new artificial intelligence (AI) models and capabilities, attention has been drawn to their potential harms and misuse: from generating deepfakes and disinformation, algorithmic bias, or being used to perpetuate other harms or biases.
OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database that hosts and aggregates OSV data.
Growing Member Base and New Initiatives Continue to Advance Open Source Software Security TOKYO, JAPAN – October 30, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative...
The Open Source Security Foundation (OpenSSF) today announced an expansion of its free course “Developing Secure Software” (LFD121). The course now features interactive learning scenarios to better equip developers to build software that resists modern cyberattacks.
Today, I’m excited to announce that Stacklok is contributing our Minder open source project to the Open Source Security Foundation (OpenSSF). Minder makes it simpler for developers and security teams to adopt a policy-based approach to open source software security; it reduces noise, alerts to risk only when necessary, auto-remediates inconsistencies and spans the entire…
