Projects adopting the practices set out by the OpenSSF in its Security Score, including adopting a dependency update tool that ensures rapid updating of vulnerable dependencies, will improve their project's security and the security of the open source projects that depend on them. Dependency management is critical, because Sonatype’s research revealed that about 6 out…
Meet Melba Lopez, STSM - Supply Chain Security, IBM. Contributors play an important role in the OpenSSF and the Linux Foundation, so we want to give you a chance to meet some of the amazing individuals in the open source software (OSS) security community. Over the next few weeks we’ll be featuring maintainers and contributors…
Meet Priya Wadhwa, Software Engineer, Chainguard. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of the amazing individuals powering open source software (OSS) security initiatives. Over the next few weeks we'll be featuring maintainers and contributors and hearing how they…
Securing critical OSS components and infrastructure is an important part of securing critical infrastructure. When we consider open source critical infrastructure we must keep in mind that not all OSS is equally important, but some OSS (& its supporting infrastructure) are very critical. Several initiatives are underway at the OpenSSF to identify and fill gaps…
Thought Leadership Day on open source, infrastructure, security and community curation on the 17th of October will bring together leading figures from international Open Source communities around security, and provide opportunities to discuss the challenges that exist around security and open source over time.
Meet Azeem Shaikh, Senior Software Engineer, Google. Maintainers play a vital role in the OpenSSF and the Linux Foundation and we think you should get a chance to meet some of the amazing individuals powering open source software (OSS) security initiatives. Over the next few weeks we’ll be featuring maintainers and contributors and hearing how…
A well-designed Open Source Program Office (OSPO), when present, is the center of competency for an organization’s open source operations and structure. Here are a dozen ways OSPOs can be a key lever for open source sustainability & security in your organizations.
Along the River Liffey in Dublin, Ireland we hosted OpenSSF Day EU at the Open Source Summit Europe earlier this month where community members gathered together to discuss the challenges, big-picture solutions, ongoing work and successes in securing the open source software (OSS) supply chain.
The Securing Open Source Software Act is in response to the Log4Shell vulnerability discovered in late November 2021. What is the Securing Open Source Software Act about? On 21st September 2022, U.S. Senators Gary Peters (D-MI) and Rob Portman (R-OH), Chairman and Ranking Member of the Senate Homeland Security and Governmental Affairs Committee, introduced bipartisan…
This year SigstoreCon will be hosted for the first time! The one-day event will take place on October 25, in Detroit Michigan, in co-location with KubeCon + CloudNativeCon North America. SigstoreCon aims to help accelerate how you secure your software supply chain. The great news is that this is a vendor-neutral conference organized by the…
