Blog

Join Us at the OSS Security Meetup in Tokyo, Japan With General Manager Omkhar + SOSS Community Day North America Event Report

We are excited to announce that the members of the Open Source Security Foundation (OpenSSF), A cross-industry initiative that brings together the industry’s most important open source security initiatives and the individuals and companies that support them, will hold the Meetup on Monday, May 13th at Cybertrust Japan having OpenSSF General Manager Omkhar Arasaratnam for…

Blog

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

OpenSSF Scorecard is a tool to help open source projects reduce software supply-chain risks. Scorecard analyzes projects against a series of heuristics and generates scores from 0–10 for the project — 0 meaning that the project employs high-risk practices and 10 meaning that the project follows security best practices.

Blog Guest Blog

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

The Open Source Security Foundation (OpenSSF), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), today announced the launch and availability of Protobom, a new and innovative open source software supply chain tool.

Blog Press Release

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, aerospace, and security firms at Secure Open Source Software (SOSS) Community Day North America.

Blog Press Release

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide. The Open Source Security (OpenSSF) and OpenJS Foundations are calling all open source maintainers to be alert for social…

Blog

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg Award symbolizes the community’s gratitude for selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership.

Blog

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

Get ready for the Secure Open Source Software (SOSS) Community Day NA and Open Source Summit North America 2024, next week in Seattle, Washington! These events are where open source communities converge to collaborate, drive innovation, and foster a vibrant open source ecosystem.

Blog

“What’s in the SOSS?” Podcast is Now Live

In our first podcast – Vincent Danen and the Art of Vulnerability Management, Omkhar Arasaratnam, General Manager of OpenSSF, talks to Vincent Danen, Vice President of Product Security at Red Hat, who is responsible for security and compliance activities across Red Hat's products and services. He’s also on the Governing Board of the OpenSSF. Vincent has…

Blog

TTX_Securing_OSS_and_Empowering_Maintainers

Join us for a TTX: Securing OSS & Empowering Maintainers

At SOSS Community Day NA on April 15, 2024 the OpenSSF Community will conduct a Tabletop Exercise (TTX). Periodically walking through various scenarios of a supply chain attack in a time of calm helps identify action items that are important to prepare in advance for when real attacks occur. A TTX is an important planning…

Blog

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

The compromise of VoIP provider 3CX is just one of the latest incidents to highlight gaps in software supply chain security - and the need for a new approach to supply chain risk management, writes Charlie Jones of ReversingLabs.

Blog Guest Blog

Join Us at the OSS Security Meetup in Tokyo, Japan With General Manager Omkhar + SOSS Community Day North America Event Report

Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects

Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security

Sessions You Won’t Want to Miss at SOSS Community Day NA and Open Source Summit North America 2024

“What’s in the SOSS?” Podcast is Now Live

Join us for a TTX: Securing OSS & Empowering Maintainers

Static Binary Analysis: A Final Exam for Software Supply Chain Protection

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox