
OpenSSF Newsletter – April 2024

By April 23, 2024

Welcome to the April 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.

Join Us at SOSS Policy Summit EU 2024


We’re headed back to Europe on May 14 to host the Secure Open Source Software (SOSS) Policy Summit EU in Brussels, Belgium with our co-hosts, the Centre for European Policy Studies (CEPS). Governments around the world are interested in the security of open source software supply chains, since open source makes up over 90% of the code in software applications used in goods and services. Risks in this supply chain of open source digital public goods can disrupt global economies or cripple critical infrastructure. To support policy makers, OpenSSF hosts Policy Summits in both North America and Europe. On May 14, we will feature speakers from the European Commission, EU Parliament, ENISA, BSI, Meta, Samsung, Ericsson, Microsoft, and SAP, among others.

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Welcome New Members

The OpenSSF welcomes new general members Ada Logics, The Boeing Company, Chainloop, Defense Unicorns, Ensignia, Hedera, and StepSecurity. With support from these new organizations, the OpenSSF heads into 2024 with 120 members that together recognize the importance of backing, maintaining, and promoting strong, vibrant, and secure open source software ecosystems.

“It brings us great pleasure to welcome our newest members to the OpenSSF,” said Omkhar Arasaratnam, the general manager of OpenSSF. “The challenge of safeguarding open source software is significant, and we eagerly anticipate collaborating with them.”


Press Release: CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project

The Open Source Security Foundation (OpenSSF), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), today announced the launch and availability of Protobom, a new and innovative open source software supply chain tool. Protobom enables all organizations, including system administrators and software development communities, to read and generate Software Bills of Materials (SBOMs) and file data, as well as translate this data across standard industry SBOM formats. The OpenSSF has further committed to facilitating the open source and collaborative development of Protobom while encouraging the growth of an open source contributor community.


Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security


The Golden Egg Awards spotlight outstanding contributions within the OpenSSF community. This year, the awards were announced at SOSS Community Day North America 2024. Christopher “CRob” Robinson won the Golden Egg Award for Community Engagement for his leadership in the Vulnerability Disclosure Working Group and the Technical Advisory Council. Additionally, Andres Freund received special recognition for promptly detecting and reporting a critical vulnerability, thereby preventing a significant security breach. The event also acknowledged several nominees from various organizations, celebrating their dedication to enhancing open source projects.


“What’s in the SOSS?” Podcast is Now Live

OpenSSF officially launched the “What’s in the SOSS?” Podcast

Get a taste of all the ingredients that make up secure open source software (SOSS) by listening to the podcast. Explore the latest trends at the intersection of AI and security, vulnerability management, and threat assessments. Each episode is packed with valuable insights designed to foster collaboration and promote stronger security practices for the open source software on which we all depend.

Join us and check out the first podcast here. Stay tuned for future episodes of “What’s in the SOSS?” as we continue to explore the world of secure open source software, bringing you insights from industry leaders and innovators.

Subscribe to “What’s in the SOSS?” on your favorite platform: Spotify, Apple Podcasts, Amazon Music.

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects


XZ Utils cyberattack likely not an isolated incident.

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident, as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide. The Open Source Security (OpenSSF) and OpenJS Foundations are calling on all open source maintainers to be alert for social engineering takeover attempts, to recognize the early threat patterns emerging, and to take steps to protect their open source projects.


Join Us at SOSS Fusion 2024 in Atlanta


Don’t miss SOSS Fusion 2024, taking place October 22-23. This event brings together nearly 500 professionals from diverse sectors—ranging from software development to cybersecurity. Here’s what you can expect:

Expert-led Sessions: Engage with industry leaders through Lightning Talks, presentations, and keynotes, covering key tech trends in AI, Containers, Microservices, and IoT.

Unmatched Networking: Connect with top technical minds during our renowned “hallway track,” fostering collaborations to solve current and future challenges.

All-Inclusive Access: Register by August 9 for just $399, which includes access to all sessions, breakfast, breaks, and exclusive evening events.

Experience the future of technology and security at SOSS Fusion 2024!


Leverage the OpenSSF Newsletter Within Your Organization

Share the News!

As a valued OpenSSF subscriber, you’re well-equipped with the latest in open source security. We encourage you to share this crucial knowledge internally by selecting and distributing relevant content from our newsletter in your organization’s internal communications.

We encourage you to share the newsletter, or snippets from it, with your co-workers through word-of-mouth and your organization’s internal newsletters. We want you to help your organization stay informed.



See You Next Month

We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at and see you next month! 

The OpenSSF Team