Welcome to the May 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.
- DOWNLOAD: What’s in the SOSS? An OpenSSF Podcast!
- REGISTER: Secure Open Source Software (SOSS) Fusion Conference
- JOIN: Attend an upcoming Working Group meeting
Enhancing Open Source Security: Introducing Siren by OpenSSF
In the rapidly changing landscape of cybersecurity threats, collaboration and information sharing are essential. Now, more than ever, the open source community needs a centralized platform to exchange threat intelligence efficiently. Introducing Siren, a threat intelligence sharing platform hosted by Open Source Security Foundation (OpenSSF), a groundbreaking initiative aims to strengthen the defenses of open source projects globally.
Join Our Upcoming OpenSSF Tech Talk: Proactive Supply Chain Security with GUAC
Don’t miss our upcoming Tech Talk, “Proactive Supply Chain Security with GUAC,” on June 6, 2024, at 10 AM PT/1 PM ET. In this Tech Talk, you will meet the GUAC maintainers as they cover the project and its recent release, roadmap plans, and how you can contribute.
Cybersecurity threats are constantly and quickly changing, but GUAC can help you stay ahead.
Call for Proposals: Submit to Speak at SOSS Community Day Europe
Join us in Vienna, Austria, for the Secure Open Source Software (SOSS) Community Day Europe 2024. This enriching event will bring together members from across the security and open source ecosystem to exchange ideas and advancements. Formerly known as OpenSSF Days, SOSS Community Days reflect our broader commitment to fortifying the security of open source software. The Call for Proposals (CFPs) is open until June 16.
Unlock the Keys to Improved Software Security
In today’s digital world, software security is under constant threat. Attackers exploit vulnerabilities, typosquatting, dependency confusion, and even infiltrate developer accounts. To combat these threats, developers must adopt robust security measures.
Read David A. Wheeler’s latest blog, based on his talk at the Open Source Summit North America (OSS NA) 2024, which outlines essential steps for enhancing software security. He highlights the increasing threat of supply chain attacks, both in open and closed source software, and provides practical guidance from the Open Source Security Foundation (OpenSSF).
Recap of SOSS Community Day North America 2024
On April 15, 2024, Secure Open Source Software (SOSS) Community Day North America (NA) brought together the open source community in Seattle to delve into discussions surrounding the challenges, overarching solutions, ongoing initiatives, and triumphs in fortifying the open source software (OSS) supply chain. Alongside dedicated SOSS contributors and thought leaders, we embarked on an in-depth exploration of topics such as security best practices, vulnerability discovery, securing critical projects, and the evolving landscape of OSS security.
Press Release: OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024
The Open Source Security Foundation (OpenSSF) announced that internationally renowned technologist Bruce Schneier will serve as the keynote speaker for its inaugural Secure Open Source Software (SOSS) Fusion Conference 2024. Early registration is open for the event, which will take place from Oct. 22 – 23, 2024, in Atlanta, GA.
Register by Aug. 9 for special early bird giveaways! Gain access to interactive workshops, in-depth discussions and valuable sessions about securing open source software
Spotlight on the OpenSSF AI/ML Working Group
What do open source software, security, and AI/ML have in common? In this blog, Mihai Maruseac and Jay White from the OpenSSF AI/ML Working Group delve into this intersection. Almost a year ago, experts at the confluence of security and AI/ML united under the OpenSSF umbrella to form this group. Their mission is to secure AI/ML, addressing the rapid spread of AI technology and the increasing frequency of security incidents in AI-related products.
Discover how this working group is tackling the unique challenges posed by the intersection of these critical fields.
Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement
In this blog, By Adam Korczynski, David Korczynski, Spencer Schrock, Laurent Simon present the OpenSSF Scorecard, a tool to help open source projects reduce software supply-chain risks. The Scorecard analyzes projects based on a series of heuristics, generating scores from 0 to 10—where 0 indicates high-risk practices and 10 signifies adherence to security best practices. These individual scores are combined into an overall Scorecard score.
The broad scope of Scorecard supports various use cases, from risk management to policy-driven decision making. This blog post focuses on a specific use case that allows Scorecard to be tailored to each consumer’s unique requirements through a novel feature called “structured results.” Learn how structured results can enhance your project’s security assessment and policy enforcement.
Join Us at SOSS Fusion 2024 in Atlanta
Don’t miss SOSS Fusion 2024, taking place October 22-23. This event brings together nearly 500 professionals from diverse sectors—ranging from software development to cybersecurity.
Here’s what you can expect:
- Expert-led Sessions: Engage with industry leaders through Lightning Talks, presentations, and keynotes, covering key tech trends in AI, Containers, Microservices, and IoT.
- Unmatched Networking: Connect with top technical minds during our renowned “hallway track,” fostering collaborations to solve current and future challenges.
- All-Inclusive Access: Register by August 9 for just $399, which includes access to all sessions, breakfast, breaks, and exclusive evening events.
Experience the future of technology and security at SOSS Fusion 2024!
News from CNCF: CloudNativeSecurity Con
Discover the forefront of cybersecurity in cloud-native environments at CloudNativeSecurityCon, the premier conference showcasing cutting-edge trends, best practices, and innovative solutions. Engage with industry experts and professionals as we delve into the dynamic landscape of securing cloud-native infrastructure and applications. Exciting news: schedule is now live! Don’t miss out—secure your spot by registering today!
In the News
- SC Media UK, Node.js 22 is now available
- Dark Reading, Attacker Social-Engineered Backdoor Code Into XZ Utils
- InfoQ, SSH Backdoor from Compromised XZ Utils Library
- SDxCentral, Red Hat builds DevSecOps trust in the software supply chain
- Smarttech, Cybersecurity Week in Review (19/04/24)
- IT Brew, Backdoor attempt on xz Utils likely one of several open-source sabotage attempts, foundations say
- Security Boulevard, Key Areas Where Open-Source Security Needs to Evolve
- Devmio, Women in Tech: “Be curious, be willing to work hard, and be willing to speak up”
- O’Reilly Radar, Radar Trends to Watch: May 2024
- Gizmodo, Open-Source Cybersecurity Is a Ticking Time Bomb
- Infosecurity Magazine, RSAC: Three Strategies to Boost Open-Source Security
- Quartz, Open-source cybersecurity could derail the internet as we know it
Meet OpenSSF at These Upcoming Events!
-
- Tech Talk: Proactive Supply Chain Security with GUAC: June 6, 2024
- CloudNativeSecurityCon: June 26-27, 2024
- OSPOs for Good 2024 Conference: July 9-10, 2024
- Black Hat USA: Aug. 7-8, 2024
- DEF CON: Aug. 8 – 11, 2024
- SOSS Community Day Europe: Sept. 19, 2024
- SOSS Fusion Conference: Oct. 22-23, 2024
Get Involved in OpenSSF
You’re invited to…
- Join a Working Group or Project
- Chat with us on Slack
- Follow us on X, Mastodon, and LinkedIn
See You Next Month
We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org and see you next month!
Regards,
The OpenSSF Team