In part 1 we discussed the Artificial Intelligence Cyber Challenge (AIxCC), a two-year competition to create AI systems that find software vulnerabilities and develop fixes to them. We also discussed a specific vulnerability in the Linux kernel, called needle, as an example of the kind of vulnerability we’d like such tools to find and fix. …
Findings show nearly one-third of industry professionals are not familiar with secure software development practices
Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We don’t know for certain, but there’s hope that it could. In this article, we’ll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. By itself, this would be a little abstract.…
The Open Source Security Foundation (OpenSSF), in partnership with Linux Foundation Training & Certification, offers a free online training course, Developing Secure Software (LFD121). Those who complete the course and pass the final exam will earn a free certificate of completion valid for two years.
The Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and Linux Foundation (LF) Research, examines the secure software development education needs of professionals in this field. Our results indicate that the need for security awareness and training is one of the top challenges for organizations.Â
In today's rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. To address this,Chainguard is now publishing its security advisory feed in the Open Source Vulnerabilities (OSV) format. This integration aims to simplify vulnerability management and enhance security for users of open source software.
Implementing security best practices is essential for open source maintainers to ensure their projects are secure and free from vulnerabilities. However, many maintainers find this task complex and time-consuming when done manually. The OpenSSF Scorecard offers an automated heuristic of how well key security processes are implemented in a project, providing a clear assessment of…
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF Security Tooling Working Group.
The security of cloud environments is a top priority for organisations worldwide. According to research by Omdia, supporting cloud and digital transformation projects is one of the top three priorities for cyber security teams, alongside skills development and protecting against ransomware. From a security perspective, getting the right skills around cloud environments so they can…
The Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG) has just released a short guide, Correctly Using Regular Expressions for Secure Input Validation! Here’s why it’s important.
