Blog

Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers

In an era where cyber threats continue to evolve, securing the software supply chain has become paramount for organizations globally. Recognizing the critical need for a robust framework, the US National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have collaborated to…

Blog

OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community

Open source software (OSS) has grown exponentially in its adoption and usage in recent years, making its security a top priority. The Open Source Security Foundation (OpenSSF) recognizes the need to foster a community that shares knowledge, insights, and best practices to fortify OSS. With this in mind, we're pleased to introduce the new OpenSSF…

Blog

Alpha-Omega to Continue Support of Rust Foundation Security Initiative in 2024

Today, Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative. We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path towards a healthier and more…

Alpha-Omega Blog

OpenSSF Supports oss-security and (linux-)distros Mailing Lists

As a part of the OpenSSF's mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community's infrastructure for communication. The oss-security and (linux)-distros mailing lists, which are operated by Openwall, have been a key part…

Blog

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading security community members under the OpenSSF umbrella. The SCM Best Practices guide provides a comprehensive set of recommendations for securing SCM platforms like GitHub and GitLab.…

Blog Guest Blog Guest Blog

OpenSSF Responds to US Federal Government RFI on Open Source Software Security

The OpenSSF has submitted a response to the Request For Information (RFI) on open source software (OSS) security and memory safe programming languages from the US White House Office of the National Cyber Director (ONCD) and its partners in the Open-Source Software Security Initiative (OS3I). We have thoroughly reviewed the requirements outlined in the RFI…

Blog

Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2

Alpha-Omega is pleased to announce a grant to the Homebrew project to enable Sigstore attestations and verification of Homebrew packages. When complete the project will allow organizations to securely verify the provenance of the toolchains on their workstations and in their build environments. This is a critical part of securing every software supply chain.

Alpha-Omega Blog

Industry Joint Statement on Article 45 in the EU eIDAS Regulation

OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

The organizations that build and secure the Internet are concerned about proposed EU regulations that aim to mandate that all Web browsers recognize a new form of certificate for the purposes of authenticating websites. To support Mozilla’s position on eIDAS regulation and the organization’s multi-year effort to avert a potential policy disaster for cryptography in…

Blog

Linux Foundation ISC2 OpenSSF Collaboration

Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development

Linux Foundation Training & Certification, ISC2, and Open Source Security Foundation (OpenSSF) today announced a new collaboration to empower the open source cybersecurity community through secure software development, knowledge sharing, education, certification and much more. Together, the three organizations will lead the way to secure software development and lifecycle management for open source code.

Blog Press Release

Safe, Secure, & Trustworthy AI Executive Order

US White House Executive Order on Safe, Secure, and Trustworthy AI

The Biden-Harris Administration issued a landmark Executive Order on developing Artificial Intelligence (AI), harnessing the power of AI responsibly, and managing the risks of AI. Executive Order 14110 directs actions for new standards on AI safety, security, privacy protection, equity and civil rights advancement, consumer and worker protection, and more.

AI Blog

Securing the Software Supply Chain Report Recommends SBOM Consumption Practices for Critical Infrastructure Providers

OpenSSF Kicks Off Guest Blog Editorial Review Panel to Amplify Voices in the Security Community

Alpha-Omega to Continue Support of Rust Foundation Security Initiative in 2024

OpenSSF Supports oss-security and (linux-)distros Mailing Lists

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

OpenSSF Responds to US Federal Government RFI on Open Source Software Security

Alpha-Omega Grant To Help Homebrew Reach SLSA Build Level 2

OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development

US White House Executive Order on Safe, Secure, and Trustworthy AI

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox