Open Source
GUAC 1.0 is Now Available
The GUAC project is proud to announce the release of GUAC 1.0. GUAC, which stands for “Graph for Understanding Artifact Composition”, is an OpenSSF incubating project that brings understanding and insights to the software supply chain. Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400 people representing more than 90…
From Sandbox to Incubating: gittuf’s Next Step in Open Source Security
We’re pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major milestone in gittuf’s development and recognizes the project’s technical progress, community growth, and alignment with the broader mission of strengthening the open source software supply…
OpenSSF Tech Talk Recap: Using the OSPS Baseline to Navigate Standards and Regulations
On April 24, the Open Source Security Foundation (OpenSSF) hosted a Tech Talk to help open source maintainers, contributors, and organizations better navigate the growing landscape of security standards and regulations.
Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE
In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, was unexpectedly being defunded and at risk of shuttering its doors. This caused 24 hours of panic up and downstream, but that decision was quickly reversed as CISA stepped…
FOSDEM 2025: OpenSSF Community Wrap Up
The Free and Open Source Software Developers’ European Meeting (FOSDEM) is a non-commercial, volunteer-organized European event centered on free and open source software development. It is aimed at developers and anyone interested in the open source software movement.
Does the EU CRA affect my business?
The European Union’s Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EEA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available on the European market and the intention behind…
OpenSSF Newsletter – January 2025
Welcome to the January 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. Submit to...