Blog

Aug 18

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

By OpenSSF Blog, Guest Blog

If you're not using automation to monitor the security risks from your dependency tree, chances are your project is vulnerable. Although these vulnerabilities may not be malicious, they can still…

Aug 09

Love1

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

By OpenSSF AI, Blog, Press Release

The Open Source Security Foundation (OpenSSF) announced today at Black Hat 2023 its collaboration with the Defense Advanced Research Projects Agency (DARPA) on the AI Cyber Challenge (AIxCC) – a…

Jul 28

Love0

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

By OpenSSF Blog, Guest Blog

At Open Source Summit North America earlier this year as a 10th grader, Nathan Naveen, gave a talk about OpenSSF Criticality Score. Nathan takes a look at why understanding tools…

Jul 27

Love0

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

By OpenSSF Blog

The OpenSSF Vulnerability Disclosures Working Group aims to improve open source security by developing and advocating well-managed vulnerability reporting and communication. We do so by documenting and supporting best vulnerability…

Jul 21

Love0

Manage how you protect your assets at scale with SBOMs

By OpenSSF Blog, Guest Blog

While many in the industry realize the value of having a software bill of materials, creators still need to generate high-fidelity SBOMs, and software consumers must ingest and enforce actions…

Jul 20

Love0

Fuzz Introspector: optimizing fuzzing workflows

By OpenSSF Blog, Guest Blog

Fuzz Introspector is an open source tool that at its core provides insights and suggestions for improvements on how a given project is being fuzzed. In this blog post we…

Jul 19

Love0

OpenSSF Day Europe Agenda Now Live

By jbly Blog

The OpenSSF Day Europe agenda is now live! We will be hosting a full day of interesting session presentations, panels, and lightning talks on September 18th, colocated with Open Source…

Jun 30

Love0

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

By OpenSSF Blog

This month, we present a spotlight on the SBOM Everywhere initiative, housed under the OpenSSF Security Tooling Working Group. The mission of the Security Tooling Working Group is to identify,…

Jun 22

Love0

Python Software Foundation Alpha Omega Welcome New PSF Security Developer in Residence

PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega

By OpenSSF Alpha-Omega, Blog

Through funding by the OpenSSF’s Alpha-Omega Project, the Python Software Foundation (PSF) has hired a new security developer in residence as part of a year-long security enhancement initiative. PSF announced…

Jun 20

Love0

Why SBOM Generators Need to Accurately Represent Open Source Licenses

By OpenSSF Blog, Guest Blog

SBOMs enable organizations to identify vulnerabilities, track open-source usage, and ensure compliance with numerous licensing obligations. Having a “single source of truth” for security and licensing information helps everyone. Let’s…

The Rising Threat of Software Supply Chain Attacks: Managing Dependencies of Open Source Projects

OpenSSF to Support DARPA on New AI Cyber Challenge (AIxCC)

Understanding and Applying the OpenSSF Criticality Score in Open Source Projects

OpenSSF Vulnerability Disclosures Working Group Helps Guide and Automate Handling Risk

Manage how you protect your assets at scale with SBOMs

Fuzz Introspector: optimizing fuzzing workflows

OpenSSF Day Europe Agenda Now Live

SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers

PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega

Why SBOM Generators Need to Accurately Represent Open Source Licenses

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox