Blog

May 03

How I Got Involved with the OpenSSF

By OpenSSF Blog, Guest Blog

Let’s get it out of the way early: it’s not always clear how you can best plug into organizations like OpenSSF. That’s why I’m writing this guest blog post as…

May 02

Love0

Getting to know the Open Source Vulnerability (OSV) format

By jbly Blog

To keep the modern technological world of open source software safe, it is critical to efficiently and accurately communicate information about open source vulnerabilities. The OSV Schema, created through the…

Apr 26

Love0

Join Us at the OSS Security Meetup in Tokyo, Japan

By OpenSSF Blog

We are very excited to announce that our second OSS Security Meetup in Japan will be held at Cybozu Tokyo Office on June 2nd in Tokyo, hosted by Open Source…

Apr 26

Love0

OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative

By jbly Blog

We are excited to announce the composition of 2023 Technical Advisory Council (TAC) and Security Community Individual Representative (SCIR) on the Governing Board of the OpenSSF. The 2023 TAC includes…

Apr 19

Love0

OpenSSF Announces SLSA Version 1.0 Release

By OpenSSF Blog, Press Release

The Open Source Security Foundation (OpenSSF) is proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). SLSA is an OpenSSF project that provides specifications…

Apr 17

Love0

Distinguish between source and vendor

By David Wheeler Blog, Guest Blog

It’s important to distinguish the term “source” (any source of a good or service) from the term “vendor” (a source who is paid and has a contractual relationship), especially when…

Apr 14

Love0

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

By OpenSSF Blog, Guest Blog

The use of SBOMs is becoming increasingly essential in managing software supply chains. The main consumption use case is for evaluating dependencies known-vulnerabilities risk, by mapping the dependencies listed in…

Apr 12

Love0

OpenSSF Board Member Spotlight - Brian Fox, Sonatype

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

By jbly Blog

Join us for a conversation with OpenSSF Board Member, Brian Fox. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the…

Apr 06

Love0

SBOMs, So Far, So Good, So What?

By OpenSSF Blog, Guest Blog

We’ve been discussing the creation of SBOMs for over ten years, but has it gotten us any closer to hardening our software development practices? SBOMs provide critical supply chain data,…

Apr 05

Love0

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

By OpenSSF Blog

The goal of the Best Practices Working Group is to provide open source developers with recommendations on best practices around development and security. This working group focuses on providing developers…

How I Got Involved with the OpenSSF

Getting to know the Open Source Vulnerability (OSV) format

Join Us at the OSS Security Meetup in Tokyo, Japan

OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative

OpenSSF Announces SLSA Version 1.0 Release

Distinguish between source and vendor

Assessing Product Risk Using SBOMs and OpenSSF Scorecard

Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype

SBOMs, So Far, So Good, So What?

OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox