Join our first Tech Talk of 2024, where organizations will discuss the importance of adopting OpenSSF Scorecard. OpenSSF Scorecard helps open source maintainers improve their security best practices and helps consumers judge whether their dependencies are safe.
AMMAN, JORDAN, March 4, 2024 – Open Source Security Foundation (OpenSSF), Linux Foundation Training and Certification (LF T&C), and Cloud Native Computing Foundation (CNCF) are thrilled to announce an initiative...
In Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving force behind innovation. More than just a token of appreciation, the Golden Egg symbolizes gratitude for their selfless dedication to securing open source projects through…
We're excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical talks, panels, and a Table Top Exercise (TTX). SOSS Community Day is co-located with Open Source Summit North America in Seattle, WA.Â
The US Office of the National Cyber Director (ONCD) report Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights into strategies to improve software security. This paper emphasizes the importance of proactive measures in mitigating vulnerabilities by examining pivotal principles such as memory safety,…
The Secure Open Source Software (SOSS) Fusion Conference by the OpenSSF is a leading event for open source professionals, uniting diverse experts from software developers to CISOs and tech pioneers. It's not just an event; it's a push toward a more secure digital future.
OpenSSF has submitted a response to the Request For Information (RFI) on Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software issued by the US Cybersecurity and Infrastructure Security Agency (CISA). We have provided insightful feedback on making software secure by design, highlighting the critical need for clarity, precision, and…
In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify container images.Â
In 2023, Alpha-Omega provided ten grants to eight organizations totaling over $2.8 million dollars, with an average grant size of just over $350,000. In partnership with OpenSSF, Alpha-Omega's mission is to catalyze sustainable security improvements within the most critical open source projects and ecosystems. As a Directed Fund with three continuing stakeholders (Google, Amazon Web…
The Linux kernel has achieved a significant milestone in open source software security. It has been authorized as a CVE Numbering Authority (CNA) by the CVE Program. Being a CNA enables the Linux kernel team to manage the vulnerabilities with more accuracy and higher quality in the future. As Linux Foundation Fellow Greg Kroah-Hartman pointed…
