Tag

Honda

OpenSSF Newsletter – December 2024

By Newsletter

Welcome to the December 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.

Thank You for an Amazing 2024!

As 2024 comes to a close, we want to take a moment to express our deepest gratitude for the dedication, collaboration, and innovation you have brought to the OpenSSF community this year. Together, we achieved remarkable milestones—from expanding our global membership and launching impactful education initiatives to advancing critical security projects and fostering collaborations with public and private sectors. Your contributions have strengthened our shared mission to secure the open source ecosystem and build a safer, more reliable digital future.

As we look forward to 2025, we’re excited to continue fostering a vibrant and inclusive community, deepening collaborations, and driving meaningful change together. We appreciate your role in this journey.

Wishing you a safe and joyful holiday season!

The Open Source Software Stewards and Manufacturers Workshop and the EU Cyber Resilience Act (CRA)

In December, the Linux Foundation Europe and the OpenSSF hosted the Open Source Software Stewards and Manufacturers Workshop in Amsterdam, focusing on the implications of the EU Cyber Resilience Act (CRA). The event brought together industry leaders, community experts, and government officials to align on CRA obligations and foster collaboration for compliance.

Key outcomes included the formation of the Global Cyber Policy Working Group and three workstreams: CRA Readiness & Awareness, CRA Tooling & Processes, and CRA Standardization.

Details on how to participate and learn more:

Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 1

Published as Regulation (EU) 2024/2847 in the Official Journal of the European Union, the Cyber Resilience Act (CRA) entered into force (EIF) on December 10, 2024. The CRA will fully apply three years later, on December 11, 2027. It will require all products with digital elements placed on the European market, including their remote data processing, to comply with the regulation. This new blog series will cover the implementation of the CRA and its relevance to open source software.

In Part 1, we will provide a general overview of the CRA and highlight LF Europe and the OpenSSF’s current activities in relation to the implementation.

Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 2

In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the three-year implementation timeline and what lies ahead. 

Shaping the Future of Generative AI: A Focus on Security

The Shaping the Future of Generative AI report, sponsored by LF AI & Data and CNCF, highlights how organizations prioritize security, cost, and performance as they adopt GenAI. Security remains a top concern, particularly in sectors like finance and healthcare, where privacy and regulatory compliance are critical.

The Open Source Security Foundation (OpenSSF) AI/ML Working Group plays a vital role in this landscape, focusing on initiatives like model signing with Sigstore to enhance trust and security in AI systems. This blog ties together insights from the report and OpenSSF’s ongoing efforts to address security challenges in GenAI adoption.

Open Source Usage Trends and Security Challenges Revealed in New Study

The Linux Foundation and Harvard released Census III, a groundbreaking study analyzing Free and Open Source Software (FOSS) usage and security challenges. Findings reveal trends like the rise of cloud-specific packages, increased reliance on Rust, and the critical role of a small group of contributors.

Honda and Guidewire Join the Open Source Security Foundation (OpenSSF)


At the inaugural SOSS Community Day India, OpenSSF welcomed Honda and Guidewire Software as new members, expanding its growing global network to 126 organizations. The event highlights India’s thriving open source ecosystem and brings together leaders to collaborate on securing the software we all depend on.

SigstoreCon 2024: Advancing Software Supply Chain Security

On November 12, 2024, the software security community gathered in Salt Lake City for SigstoreCon: Supply Chain Day, co-located with KubeCon North America 2024. The one-day conference brought together developers, maintainers, and security experts to explore how Sigstore is transforming software supply chain security through simplified signing and verification of digital artifacts.

News from OpenSSF Community Meetings and Projects:

In the News:

Meet OpenSSF at These Upcoming Events!

You’re invited to


See You Next Year! 

We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you in 2025! 

Regards,

The OpenSSF Team

In the Face of Mounting Regulatory Oversight, Honda and Guidewire Join Industry Leaders Securing Software Development at the Open Source Security Foundation (OpenSSF)

By Blog, Press Release

Growing Member Base and Launch of SOSS Community Day India Continue to Advance Open Source Software Security

Delhi, India – December 10, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation, helps individuals and organizations build secure software by providing guidance, tools, and best practices applicable to all software development. Today, the OpenSSF announced new members from the automotive and insurance technology industries at the first-of-its-kind Secure Open Source Software (SOSS) Community Day India. SOSS Community Day India brings together community members from across the security and open source ecosystem to share ideas and advance solutions for sustainably securing the software we all depend on, building a foundation for a more secure and innovative future.

New general member commitments come from Honda Motor Co., Ltd. and Guidewire Software, Inc. With support from these new organizations, the OpenSSF heads into the last month of 2024 with 126 members that together recognize the importance of backing, maintaining, and promoting secure open source software.

“We are excited to welcome our newest members and celebrate this milestone with the launch of the first SOSS Community Day in India,” said Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair. “India has an incredible open source ecosystem, and this event provides an opportunity to foster collaboration, address shared challenges, and ensure the security of the open source software powering the digital world. Together, we’re building a more secure and innovative future.”

SOSS Community Day India features a packed agenda with sessions led by top experts on topics like education, innovation, tooling, vulnerabilities, and threats. The event not only highlights the OpenSSF community’s ongoing work, but also provides an avenue to expand its reach through new partnerships and memberships, welcoming inquiries from potential collaborators. Participants will see how the OpenSSF community is driving improvements in open source software security and advancing its mission to create a more secure ecosystem for everyone.

General Member Quotes

Honda Motor Co., Ltd.

“Honda is pleased to be able to participate in the OpenSSF project as OSS security becomes increasingly important. In addition to contributing to the OpenSSF community, we look forward to working to strengthen OSS security across the industry in the future.” Yuichi Kusakabe, Chief Architect – IVI software PF/OSPO Tech Lead, Honda Motor Co., Ltd.

Guidewire Software, Inc.

“We’re excited to become a member of OpenSSF,” said Anoop Gopalakrishnan, vice president, Engineering, Guidewire. “This partnership reflects our continued commitment to advancing open source security and collaborating with like-minded innovators to create a more secure and resilient software ecosystem.” 

Additional Resources

  • View the complete list of OpenSSF members.
  • Explore the SOSS Community Day India program schedule to see the lineup of sessions and speakers.
  • To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us here.

###

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

About the Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com