Guest Blog

Jan 23

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

By OpenSSF Blog, Guest Blog

Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. Relying on the backbone of volunteers, vulnerabilities now make it…

Jan 22

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

By OpenSSF Blog, Guest Blog

Open source components are consumed by over 90% of modern applications. Their omnipresence stems from their cost-effectiveness, flexibility, and collaborative nature, making them a cornerstone of contemporary software development. However,…

Nov 01

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

By OpenSSF Blog, Guest Blog

OSV is an open format for describing software vulnerabilities. It provides security researchers, vendors, and consumers with an easy to understand format for exchanging vulnerability information. OSV.dev is a database…

Nov 09

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

By OpenSSF Blog, Guest Blog

A few weeks ago, the OpenSSF Best Practices Working Group published the Source Code Management (SCM) Best Practices guide. This guide is the result of a collaboration of multiple leading…

Oct 30

Safeguarding Your Data – How to Harden Your Systems

By OpenSSF Blog, Guest Blog

In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As…

Oct 03

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

By OpenSSF Blog, Guest Blog

While several articles have been published about how to run your own Sigstore instance, it’s useful to understand how the public good instance is administered – both in terms of…

Sep 18

OpenSSF Alpha-Omega ISRG Prossimo Rustls Rust for Linux

Advancing Rustls and Rust for Linux with OpenSSF Support

By OpenSSF Blog, Guest Blog

Prossimo continues to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort thanks to $530,000 in funding from the OpenSSF’s Alpha-Omega project. This…

Sep 07

VDR, VEX, OpenVEX and CSAF

By OpenSSF Blog, Guest Blog

Early adopters of SBOM have proposed new standards as well as updates to existing standards to specify the status of each vulnerability alongside the SBOM itself. In this context, existing…

Sep 06

OpenSSF Strengthening Open Source Software

Strengthening Open Source Software: Best Practices for Enhanced Security

By OpenSSF Blog, Guest Blog

Securing the open source ecosystem isn't a passive act. It calls for proactive participation through regular code reviews, vulnerability assessments, or simply staying updated with the latest security protocols. Every user,…

Aug 18

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

By OpenSSF Blog, Guest Blog

If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still…

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

How to Use Open Source to Help Comply with SCM Best Practices: A Tutorial on Combining OpenSSF Scorecard and Legitify

Safeguarding Your Data – How to Harden Your Systems

Running Sigstore as a Managed Service: A Tour of Sigstore’s Public Good Instance

Advancing Rustls and Rust for Linux with OpenSSF Support

VDR, VEX, OpenVEX and CSAF

Strengthening Open Source Software: Best Practices for Enhanced Security

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Guest Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox