Global web infrastructure is in a precarious position based on new research by theĀ OpenJS FoundationĀ thanks to an OpenSSF grant. The OpenJS Foundation is announcing the results of an end-user audit based on an IDC survey that shows three-quarters of a billion websites are running out of date software, with most capturing personal and financial information.…
This month's spotlight is on the OpenSSF Identifying Security Threats Working Group, which recently released the first version of the Security Insights Specification. This Working Group is dedicated to equipping the community with tools and documents for assessing the health of open source projects using metrics and other supporting evidence.
In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As data has become critical, it is also more at risk from theft or attacks like ransomware. According to IBM, the average data breach cost worldwide…
Security is the key theme throughout the three new free Express Learning courses launched by Linux Foundation Training & Certification for cloud professionals. The courses include: Security Self-Assessments for Open Source Projects (LFEL1005), Securing Projects with OpenSSF Scorecard (LFEL1006), Automating Supply Chain Security: SBOMs and Signatures (LFEL1007).
We are excited to announce the launch of the OpenSSF Security Job Board. This job board is meant to serve the community in two ways: allowing developers to view top-notch jobs in the security space and helping companies hire great people. By making the best security jobs easily accessible in one place, we aim to…
In April 2023 the US Cybersecurity and Infrastructure Agency (CISA), along with other government agencies inside and outside the US, released a paper emphasizing software secure-by-design principles and approaches. In October 2023 a significant update was released, now titled Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software. Here weāll…
Earlier this month we held a Tech Talk on Securing the Software Supply Chain: An In-Depth Exploration of SLSA. SLSA, or Supply-chain Levels for Software Artifacts, is an OpenSSF project that provides a security framework to improve the integrity and security of packages and infrastructure. You can watch the Tech Talk on demand on our…
The OpenSSF Day Japan agenda is now live! We have a great day of session presentations, panels, and lightning talks lined up on December 4th, colocated with Open Source Summit Japan in Tokyo, Japan. Plan to join us to discuss the latest and greatest in ongoing efforts to secure the Open Source Software (OSS) ecosystem!
The OpenSSF is pleased to welcome new Governing Board Chair, Arun Gupta who was elected by the OpenSSF Governing Board and will serve from October 2023 to October 2024. Join us for a conversation with new OpenSSF Board Chair, Arun Gupta.
Like the open source ecosystem itself, the OpenSSF has grown and evolved during a very busy 2023. Itās no longer debatable, everyone depends upon open source software today. Two-Term OpenSSF Board Chair, Jamie Thomas, reflects on 2023 milestones.
