Guest Blog

The Role of Foundations in Securing OSS

By Blog

Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two years. Now, the world has finally realised that security needs to be ‘baked-in’, not ‘bolted-on’. Meaningful and impactful improvements can be achieved in OSS security engineering and development across ecosystems if the work is directed by non-profit foundations and financially supported by a plurality of public and private bodies on an ongoing basis.

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

By Blog

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.

How to Make High-Quality SBOMs

By Blog

The widespread use of software bills of materials (SBOMs) arguably depends on SBOM quality—that SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until recently, it has been difficult to measure SBOM quality. New SBOM quality tools, a new SBOM dataset, and new SBOM quality research change this state of affairs, though. What do these new tools, datasets, and research findings say about the current state of SBOM quality? And how can you make high-quality SBOMs?