Blog

Nov 16

OpenSSF Expands Supply Chain Integrity Efforts with S2C2F

By OpenSSF Blog

A robust strategy around securing how developers consume and manage open source software (OSS) dependencies when building software is essential. The Secure Supply Chain Consumption Framework (S2C2F) is a consumption-focused/consumer-focused…

Nov 15

Love0

SigstoreCon Highlights

By OpenSSF Blog

In the motor city, the community hosted the first-ever Sigstore event, SigstoreCon, in co-location with KubeCon + CloudNativeCon North America. Event highlights included the announcement of Sigstore general availability, an…

Nov 09

Love0

Meet a Maintainer: Naveen Srinivasan, Software Engineer, Endor Labs

By jbly Blog

Meet Naveen Srinivasan, Software Engineer, Endor Labs. Maintainers play a vital role in the OpenSSF. Naveen is a software engineer at Endor Labs. He was awarded the Google Open Source…

Nov 01

Love0

Luke Hinds Security Engineering Lead OCTO Red Hat Meet a Maintainer

Meet a Maintainer: Luke Hinds, Security Engineering Lead, OCTO, Red Hat

By jbly Blog

Meet Luke Hinds, Security Engineering Lead, OCTO, Red Hat. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to…

Oct 25

Love0

Sigstore Announces General Availability at SigstoreCon

By OpenSSF Blog, Press Release, Sigstore

Today at SigstoreCon, the Sigstore community announced the general availability of its free software signing service giving open source communities access to production-grade stable services for artifact signing and verification.…

Oct 24

Love0

OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web

By Brian Behlendorf Alpha-Omega, Blog

Today, we’re excited to share that the Open Source Security Foundation (OpenSSF) Project Alpha-Omega is committing $350,000 to reduce potential security incidents for jQuery by helping modernize its consumers and…

Oct 20

Love0

state of the software supply chain sonatype

Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security

By OpenSSF Blog

Projects adopting the practices set out by the OpenSSF in its Security Score, including adopting a dependency update tool that ensures rapid updating of vulnerable dependencies, will improve their project's…

Oct 19

Love0

Contributor Q&A with Melba Lopez, STSM – Supply Chain Security, IBM

By jbly Blog

Meet Melba Lopez, STSM - Supply Chain Security, IBM. Contributors play an important role in the OpenSSF and the Linux Foundation, so we want to give you a chance to…

Oct 12

Love0

MEET A MAINTAINER Priya Wadhwa Chainguard

Meet a Maintainer: Q&A with Priya Wadhwa, Software Engineer, Chainguard

By jbly Blog

Meet Priya Wadhwa, Software Engineer, Chainguard. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of…

Oct 11

Love0

Critical Infrastructure Security Summit OpenSSF

Securing Open Source Software is Securing Critical Infrastructure

By David Wheeler Blog

Securing critical OSS components and infrastructure is an important part of securing critical infrastructure. When we consider open source critical infrastructure we must keep in mind that not all OSS…

OpenSSF Expands Supply Chain Integrity Efforts with S2C2F

SigstoreCon Highlights

Meet a Maintainer: Naveen Srinivasan, Software Engineer, Endor Labs

Meet a Maintainer: Luke Hinds, Security Engineering Lead, OCTO, Red Hat

Sigstore Announces General Availability at SigstoreCon

OpenSSF Project Alpha-Omega Invests in the OpenJS Foundation and jQuery to Help Secure the Consumer Web

Report Finds OpenSSF Scorecards Are Highly Effective Measures to Assess Project Security

Contributor Q&A with Melba Lopez, STSM – Supply Chain Security, IBM

Meet a Maintainer: Q&A with Priya Wadhwa, Software Engineer, Chainguard

Securing Open Source Software is Securing Critical Infrastructure

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox