OpenSSF Guides

Concise Guide Developing Secure Software

Concise Guide for Developing More Secure Software

Concise guide for all software developers for software development, building, and distribution.

Concise Guide for Evaluating Open Source Software

As a software developer, before using open source software (OSS) dependencies or tools, identify candidates and evaluate the leading ones against your needs.

Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects

Intended to help security researchers (aka “Finders”) engage with open source software (OSS) project maintainers to kick off and participate in the coordinated vulnerability response process.

npm Best Practices Guide

Aims to be an all-inclusive document explaining the security supply-chain best practices when using npm’s package manager.

Guide to implementing a CVD process for open source projects

Guide to Implementing a Coordinated Vulnerability Disclosure Process for Open Source Projects

Intended to help open source project maintainers create and maintain a coordinated vulnerability response process.

Copyright © 2023 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.