Welcome to the September 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
- Take: Developing Secure Software (LFD121)
- Attend: SOSS Fusion (Register by Sept. 27 & Save US$150!)
- Get Involved: Participate in OpenSSF
Innovative Supply Chain Security for Enterprise Cloud Platform Service
As software supply chain security becomes a critical concern, Guidewire Cloud Platform is taking proactive steps by collaborating with GUAC to enhance their defenses. This partnership aims to strengthen the resilience of enterprise cloud services against potential vulnerabilities that could disrupt operations. With the integration of GUAC, Guidewire is able to quickly identify, mitigate, and prevent security threats across their supply chain.
AIxCC Semifinals at DEF CON Showcase AI’s Potential in Securing Critical OSS Projects
AI took center stage at DEF CON 32 with the AIxCC Challenge semifinals, showcasing how AI-driven technologies can revolutionize open source security. Seven standout teams advanced to the finals, each utilizing AI to detect and fix vulnerabilities in critical software projects. This competition not only highlights the immense potential of AI in cybersecurity but also serves as a catalyst for future innovations that could safeguard millions of users worldwide.
Prioritizing Security: Key Findings from the OpenSSF Survey for Financial Institutions
As the financial services sector increasingly relies on software to drive its operations, securing these systems has become paramount. The OpenSSF’s 2024 Secure Software Development Education Survey reveals key insights for financial institutions, especially for organizations like FINOS members. The survey underscores the urgent need for better security practices, offering a roadmap for banks, investment firms, and wealth managers to fortify their software environments.
Simplify SBOM Management for Developers: Introducing bomctl
Managing Software Bills of Materials (SBOMs) is crucial for understanding software components and improving security, and bomctl makes it easier than ever. This powerful tool simplifies SBOM management, empowering developers to efficiently track and maintain their software’s components. By automating the process, bomctl not only boosts security and compliance but also saves time, allowing developers to focus on innovation while staying confident in their software’s safety.
Join Us at the OSS Security Meetup in Tokyo, Japan
The OpenSSF is thrilled to host a special OSS Security Meetup in Tokyo on October 3rd at Renesas Electronics, bringing together open source security experts to tackle some of the field’s most pressing challenges. This exclusive event will feature hands-on sessions, networking opportunities, and key discussions about the future of open source security in Japan and beyond. Don’t miss this opportunity to connect with the global security community.
OpenSSF Welcomes New Members and Presents Golden Egg Award at SOSS Community Day Europe
OpenSSF continues to grow its community with new members from leading technology, security, and research firms, further bolstering efforts to secure open source software. At SOSS Community Day EU in Vienna, we proudly presented the Golden Egg Award, recognizing outstanding contributions to OSS security. The new members bring invaluable expertise to the OpenSSF, driving collaboration and innovation for a safer open source ecosystem.
OpenSSF at Grace Hopper Celebration 2024: Advancing Diversity and Security in Open Source
OpenSSF was honored to participate in the Grace Hopper Celebration (GHC) 2024, the world’s largest gathering of women and non-binary technologists, where innovation, inclusion, and diversity are celebrated. Our presence highlighted the critical need for diverse voices in open source security, ensuring that as technology evolves, it remains secure for everyone. OpenSSF used this platform to advocate for greater participation from underrepresented groups in both tech and security.
Empower Your Software Development with OpenSSF’s Free “Developing Secure Software” Course!
Learn secure software fundamentals at your own pace and earn a recognized certificate. Plus, we’ve just added new optional labs in LFD121! These hands-on exercises will help you practice countering attacks with real-world scenarios and helpful hints.
In the News
- The Register: Open source maintainers underpaid, swamped by security, and going gray
- The New Stack: Open Source: Paid Maintainers Keep Code Safer, Survey Says
- Cybersecurity Dive: Open source maintainers, under security pressure, remain largely unpaid after XZ Utils
- CIO Influence: Tidelift Study Reveals Paid Open Source Maintainers Do Significantly More Critical Security and Maintenance Work Than Unpaid Maintainers
- SD Times: The state of open source maintainers
- tl;dr sec newsletter: LinkedIn’s AI Security Posture Platform, PyPI Defaults 😭, IAM Least Privilege
- Security Boulevard: Application Security — The Complete Guide
- I-Programmer: Rust Foundation Report On Recent Initiatives
- HackRead: New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers
- ComputerWeekly: PyPI loophole puts thousands of packages at risk of compromise
Meet OpenSSF at These Upcoming Events!
- SOSS Fusion Conference: October 22-23, 2024
- Open Source Summit Japan: October 28-29, 2024
- SOSS Community Day Japan: October 30, 2024
Get Involved in OpenSSF
You’re invited to…
- Join a Working Group or Project
- Chat with us on Slack
- Follow us on X, Mastodon, and LinkedIn
See You Next Month
We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month!
Regards,
The OpenSSF Team