CVE-2024-3094 documents a backdoor in the xz package. While the motivation behind this backdoor remains unknown, the intent was to compromise specific distributions, as the backdoors were only applied to DEB or RPM packages for the x86-64 architecture built with gcc and the gnu linker. Situations like this remind us all that we need to…
The OpenSSF was pleased to be one of the sponsors that helped contribute to the inaugural 2024 VulnCon conference that brought together experts from across industry, government, security researchers, and community members throughout 3 days and nearly 40 sessions. Brought together by the FIRST PSIRT SIG and the CVE Board. Christopher “CRob” Robinson, OpenSSF TAC Chair…
Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your project. Intel currently uses Scorecard to…
Empowering Women in Tech: An Interview on Angela Jeffrey’s Journey to Cybersecurity Interviewer: Omkhar Arasaratnam
Last week the community convened for the first OpenSSF Tech Talk of the year, shining a spotlight on OpenSSF Scorecard. OpenSSF Scorecard aids developers and open source consumers in assessing how well an open source project adheres to best practices. It evaluates projects for security risks using a series of automated checks. The Tech Talk…
The CVE and FIRST VulnCon 2024 and Annual CNA Summit is set to take place in Raleigh, North Carolina, next week! The OpenSSF is delighted to support this initiative and our cross-industry goals to sustainably make open source software safer.
Supply chain security took a giant leap forward this month as Sigstore officially became a graduated project within the Open Source Security Foundation (OpenSSF). This milestone is a testament to Sigstore's maturity, adoption, and its undeniable impact on making the creation and distribution of software more trustworthy.
We're excited to announce the agenda for the Tabletop Exercise (TTX) at Secure Open Source Software (SOSS) Community Day NA in now live which will take place on April 15, 2024 in Seattle, WA.Â
The OpenSSF is pleased to announce an exciting new process that will help connect impactful Technical Initiatives (TIs) with strategic funding. The OpenSSF Technical Advisory Council and Governing Board have defined a process by which OpenSSF TI’s can apply for funding and we’re confident that unlocking this new process will help create a sustainable secure…
The Open Source Security Foundation (OpenSSF) has just released its 2024 plan to improve software developer education, titled “Plan for Improving Software Developer Security Education”. This is the plan the OpenSSF Education Special Interest Group (SIG) intends to follow this year.
