Guest Blog

Jun 11

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

By OpenSSF Blog, Guest Blog

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving…

Apr 28

Love0

Announcing the Release of “The Memory Safety Continuum”

By OpenSSF Blog, Guest Blog

The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and…

Mar 06

Love0

2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year

By OpenSSF Blog

Each year, the Open Source Security Foundation (OpenSSF) is committed to securing the software supply chain through a year-long focus on key themes. Our content calendar aligns with critical security…

Jan 23

Love0

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

By OpenSSF Blog, Guest Blog

Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. Relying on the backbone of volunteers, vulnerabilities now make it…

Jan 22

Love0

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

By OpenSSF Blog, Guest Blog

Open source components are consumed by over 90% of modern applications. Their omnipresence stems from their cost-effectiveness, flexibility, and collaborative nature, making them a cornerstone of contemporary software development. However,…

Nov 01

Love0

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

By OpenSSF Blog, Guest Blog

OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database…

Nov 09

Love0

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

By OpenSSF Blog, Guest Blog

A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading…

Oct 30

Love0

Safeguarding Your Data – How to Harden Your Systems

By OpenSSF Blog, Guest Blog

In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As…

Oct 03

Love0

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

By OpenSSF Blog, Guest Blog

While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of…

Sep 18

Love0

OpenSSF Alpha-Omega ISRG Prossimo Rustls Rust for Linux

Advancing Rustls and Rust for Linux with OpenSSF Support

By OpenSSF Blog, Guest Blog

Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This…

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

Announcing the Release of “The Memory Safety Continuum”

2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

Safeguarding Your Data – How to Harden Your Systems

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

Advancing Rustls and Rust for Linux with OpenSSF Support

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox