Guest Blog

Jun 20

Why SBOM Generators Need to Accurately Represent Open Source Licenses

By OpenSSF Blog, Guest Blog

SBOMs enable organizations to identify vulnerabilities, track open-source usage, and ensure compliance with numerous licensing obligations. Having a “single source of truth” for security and licensing information helps everyone. Let’s…

May 03

Love0

How I Got Involved with the OpenSSF

By OpenSSF Blog, Guest Blog

Let’s get it out of the way early: it’s not always clear how you can best plug into organizations like OpenSSF. That’s why I’m writing this guest blog post as…

Apr 17

Love0

Distinguish between source and vendor

By David Wheeler Blog, Guest Blog

It’s important to distinguish the term “source” (any source of a good or service) from the term “vendor” (a source who is paid and has a contractual relationship), especially when…

Apr 14

Love0

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

By OpenSSF Blog, Guest Blog

The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in…

Apr 06

Love0

SBOMs, So Far, So Good, So What?

By OpenSSF Blog, Guest Blog

We’ve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data,…

Mar 28

Love0

The Role of Foundations in Securing OSS

By OpenSSF Blog, Guest Blog

Security used to be something of an afterthought in software development. Security was clunky or inconvenient, often because it was a ‘bolt-on’. That has rapidly changed over the last two…

Mar 20

Love0

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

By OpenSSF Blog, Case Studies, Guest Blog

Scorecard is becoming a key part of IBM’s review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues…

Mar 15

Love0

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

By OpenSSF Blog, Guest Blog

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software…

Mar 08

Love0

Why Open Source is Infrastructure, and Why it Matters

By OpenSSF Blog, Guest Blog

A new report by the Atlantic Council’s Cyber Statecraft Initiative helps draw light on the question on what "open source as infrastructure" really means, and why it matters: Avoiding the…

Mar 02

Love0

How to Make High-Quality SBOMs

By John Speed Meyers Blog, Guest Blog

The widespread use of software bill of materials (SBOMs) arguably depends on SBOM quality—that SBOMs contain sufficient and accurate information for the intended user to achieve their goals. But, until…

Why SBOM Generators Need to Accurately Represent Open Source Licenses

How I Got Involved with the OpenSSF

Distinguish between source and vendor

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

SBOMs, So Far, So Good, So What?

The Role of Foundations in Securing OSS

Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard

New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

Why Open Source is Infrastructure, and Why it Matters

How to Make High-Quality SBOMs

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox