Vulnerability Disclosures

We are improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication with tools to enable OSS maintainers to easily issue VEX documents.

The Vulnerability Disclosures Working Group serves open source maintainers and developers, assists security researchers, and helps downstream open source software consumers.

Projects

Criticality Score

Assigning a score to create a list of critical open source projects.

Learn More

OpenVEX

A simplified Vulnerability Exploitability eXchange implementation.

Learn More

OSV Schema

Better vulnerability triage for open source.

Learn More

The Securing Critical Projects working group also supports some of the projects in this category.

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

We are improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication with tools to enable OSS maintainers to easily issue VEX documents.

Projects

Criticality Score

OpenVEX

OSV Schema

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Vulnerability Disclosures

We are improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication with tools to enable OSS maintainers to easily issue VEX documents.

Projects

Criticality Score

OpenVEX

OSV Schema

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox