DruBOM: An SBOM for Drupal
DruBOM is a Software Bill of Materials (SBOM) for Drupal. It is a list of all the dependencies of a Drupal project, including the Drupal core, modules, themes, and libraries.
Blog
Recap of SOSS Community Day North America 2024
On April 15, 2024, Secure Open Source Software (SOSS) Community Day North America (NA) brought together the open source community in Seattle to delve into discussions surrounding the challenges, overarching solutions, ongoing initiatives, and triumphs in fortifying the open source software (OSS) supply chain. Alongside dedicated SOSS contributors and thought leaders, we embarked on an…
OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024
OpenSSF Taps Bruce Schneier to Discuss AI and OSS Security During Keynote at SOSS Fusion Conference 2024 Register by Aug. 9 for special early bird giveaways! Get access to interactive workshops, in-depth discussions and valuable sessions about securing open source software
Spotlight on the OpenSSF AI/ML Working Group
By Mihai Maruseac and Jay White What do open source software, security and AI/ML have in common? The intersection of these topics is what the OpenSSF AI/ML Working Group tackles....
Join Us at the OSS Security Meetup in Tokyo, Japan With General Manager Omkhar + SOSS Community Day North America Event Report
We are excited to announce that the members of the Open Source Security Foundation (OpenSSF), A cross-industry initiative that brings together the industry’s most important open source security initiatives and the individuals and companies that support them, will hold the Meetup on Monday, May 13th at Cybertrust Japan having OpenSSF General Manager Omkhar Arasaratnam for…
Beyond Scores with OpenSSF Scorecard: Granular Structured Results for Custom Policy Enforcement
OpenSSF Scorecard is a tool to help open source projects reduce software supply-chain risks. Scorecard analyzes projects against a series of heuristics and generates scores from 0–10 for the project — 0 meaning that the project employs high-risk practices and 10 meaning that the project follows security best practices.
CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project
The Open Source Security Foundation (OpenSSF), in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), today announced the launch and availability of Protobom, a new and innovative open source software supply chain tool.
OpenSSF Announces New Members & Initiatives at SOSS Community Day North America
The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, aerospace, and security firms at Secure Open Source Software (SOSS) Community Day North America.
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide. The Open Source Security (OpenSSF) and OpenJS Foundations are calling all open source maintainers to be alert for social…
Unveiling the Golden Egg Award Winners: Celebrating Excellence in Open Source Security
We’re excited to announce the winners of the Golden Egg Awards. These awards shine a light on those who go above and beyond in enriching our community. The Golden Egg Award symbolizes the community’s gratitude for selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership.Â