Skip to main content

📩 Stay Updated! Follow us on LinkedIn and join our mailing list for the latest news!

OpenSSF Newsletter – August 2024

By August 21, 2024

Welcome to the August 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.

 

Celebrating Excellence: An Interview with Golden Egg Award Winner Christopher “CRob” Robinson

GoldenEggAwardCRob

We sat down with CRob, the recent Golden Egg Award winner for OpenSSF Community Engagement, to discuss his journey in the open source world. As the chair of the Vulnerability Disclosure Working Group and the Technical Advisory Council (TAC), CRob has played a pivotal role in creating essential security guides and fostering a collaborative, engaged community.

Read More

SOSS Fusion 2024 CFP Results: A Look at Our Diverse and Engaging Program

SOSS Fusion 24 CFP Results

As the Call for Proposals (CFP) for the Secure Open Source Software (SOSS) Fusion Conference wrapped up, we wanted to share some insights about the submissions that highlight how Fusion will be a premier event in open source security. SOSS Fusion brings together the brightest minds in software development and cybersecurity to secure the open source software that we all depend on. 

Read More

SOSS Community Day EU Agenda Now Live!

SOSSCDEU_Agenda

We’re thrilled to announce that the agenda for Secure Open Source Software (SOSS) Community Day EU on September 19, 2024, is now live! Join us for a day filled with insightful technical talks, engaging panels, and more. SOSS Community Day EU will be co-located with the Open Source Summit Europe in Vienna, Austria.

Read more

Datadog Joins Open Source Security Foundation (OpenSSF)

DatadogJoinsOpenSSF

Datadog has joined the Open Source Security Foundation (OpenSSF) as a premier member, reinforcing its commitment to enhancing the security of the open source software supply chain. This collaboration aims to advance initiatives that fortify software integrity and foster industry-wide cooperation, with Datadog’s CISO, Emilio Escobar, joining the OpenSSF board to help steer strategic direction.

Read More

How to Make Programming Language Package Repositories More Secure

Open source package repositories (like npm, PyPI, RubyGems, and others) serve out billions of packages per day. Most of the software we all use includes packages from these repositories, making them a critical part of securing software.

So how do we all make these package repositories more secure?

Read More

Neo Malware: Malicious Open Source Packages

This blog highlights the growing threat of malicious open source packages targeting software supply chains and introduces the OpenSSF’s Malicious Packages Repository as a key initiative to combat these risks. It underscores the importance of advanced security measures and community collaboration to safeguard the future of open source software.

Read More

New Guide for Package Repositories to Adopt Trusted Publishers

New Guide for Package Repositories to Adopt Trusted Publishers

The Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group (WG) has just released a new guide for maintainers of open source software repositories. The guide details a new security capability named “Trusted Publishers” which utilizes the OpenID Connect standard (OIDC) to authenticate with a package repository without the use of long-lived secrets thus avoiding many related security and operational challenges.

Read More

OSS Security Adventure: Recap of Recent Security-Focused Events Featuring OpenSSF

RecentSecurityEvents

In July, Open Source Security Foundation (OpenSSF) participated in three key events that highlight its dedication to enhancing open source software security for the global public good: the United Nations OSPOs for Good 2024 Conference and the What’s Next for Open Source? Workshops both in New York City, as well as the OECD Global Forum on Digital Security for Prosperity (GFDSP) in Seoul, South Korea. 

Read More

What’s Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

What's Next for Open Source? Workshop Highlights and Calls to Action to Inspire Progress for Global Sustainability

In July, a historic moment took place for open source, where it took center stage at the two-day “OSPOs for Good” symposium at the United Nations. Co-hosted by Kenya and Germany, experts from the worlds of open source, government, and NGOs came together to learn and share how open source is being used to address global challenges, including the 17 Sustainable Development Goals (SDGs).

Read More

Call for Proposals: SOSS Community Day Japan 2024

We are excited to announce that the OpenSSF is hosting Security of Open Source Software (SOSS) Community Day Japan 2024, scheduled for Wednesday, October 30, 2024. This one-day event will take place in Tokyo, Japan, and the call for proposals (CFP) is now open.

Read More

Mitigating Attack Vectors in GitHub Workflows

Mitigating attack vectors in GitHub Workflows

The blog discusses the various attack vectors in GitHub workflows and provides strategies to mitigate these risks. It emphasizes the importance of restricting permissions, avoiding running untrusted code on privileged workflows, and using secure practices like hash pinning and dependency updates to enhance security in GitHub projects.

Read More

Announcing SigstoreCon: Supply Chain Day!

SigstoreConJoin us for SigstoreCon: Supply Chain Day! Co-located with Kubecon NA 2024 in Salt Lake City, attendees will learn about simplifying signing and verification for digital artifacts using Sigstore, as well as related software supply chain efforts such as SLSA, The Update Framework, binary transparency, and more! CFP deadline is September 13.

Read More

GUAC v0.8.0 Released

GUACv0.8.0

GUAC v0.8.0 is now available. This release brings support for license information, node deletion, and many other improvements.

Read More

A Bird’s-Eye View of LFD 121 (Developing Secure Software) — and Why Every Developer Should Take It

LFD121Blog

The Linux Foundation and OpenSSF offer LFD 121: Developing Secure Software, a free, self-paced course that equips developers with essential tools for building secure software. This comprehensive course covers secure design, implementation, and verification, ensuring developers stay up-to-date with the latest security practices.

Read More

In the News

Meet OpenSSF at These Upcoming Events!

Get Involved in OpenSSF

You’re invited to…

See You Next Month

We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month! 

Regards,

The OpenSSF Team