Blog

Apr 14

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

By OpenSSF Blog, Guest Blog

The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in…

Apr 12

Love0

OpenSSF Board Member Spotlight - Brian Fox, Sonatype

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

By jbly Blog

Join us for a conversation with OpenSSF Board Member, Brian Fox. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the…

Apr 06

Love0

SBOMs, So Far, So Good, So What?

By OpenSSF Blog, Guest Blog

We’ve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data,…

Apr 05

Love0

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

By OpenSSF Blog

The goal of the Best Practices Working Group is to provide open source developers with recommendations on best practices around development and security. This working group focuses on providing developers…

Apr 04

Love0

Taking the Pulse of Leading Software Repositories’ Security

By OpenSSF Blog

Each software repository faces a challenging task to protect producers and consumers of open-source software. They must defend against a variety of threats, juggling a complex menu of options to…

Mar 30

Love0

Clarifying Sigstore Terms of Use

By OpenSSF Blog, Sigstore

The primary activity for The Linux Foundation projects is open collaboration on technical challenges that deliver tangible improvements for developers, companies, industries, and society at large. The focus we’ve always…

Mar 29

Love0

OpenSSF Day North America Agenda Now Live

By jbly Blog

The OpenSSF Day North America agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on May 10th during Open Source…

Mar 28

Love0

The Role of Foundations in Securing OSS

By OpenSSF Blog, Guest Blog

Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two…

Mar 27

Love0

OpenSSF SBOM Everywhere Python SPDX-Tools

SBOM Everywhere Update and Python SPDX-Tools

By OpenSSF Blog

SBOM Everywhere is a Special Interest Group (SIG) within the Security Tooling Working Group of the OpenSSF. In September we funded work on the SPDX Python library and are now…

Mar 22

Love0

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

By jbly Blog

Thanks to everyone who attended our recent Town Hall on March 16th where we gave an update on initiatives at the OpenSSF, shared presentations about various initiatives at the OpenSSF,…

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

SBOMs, So Far, So Good, So What?

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

Taking the Pulse of Leading Software Repositories’ Security

Clarifying Sigstore Terms of Use

OpenSSF Day North America Agenda Now Live

The Role of Foundations in Securing OSS

SBOM Everywhere Update and Python SPDX-Tools

Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox