We’re pleased to announce we will be hosting the second ever OpenSSF Day at Open Source Summit Europe on Tuesday, September 13th. This is your chance to find out what the OpenSSF community is doing to secure the open source ecosystem and how you can get involved.
My learning experience taking the “DEVELOPING SECURE SOFTWARE (LFD121)” course was positive, and I immediately started applying these learnings in my work as a software architect and developer.
At the next virtual OpenSSF Town Hall you will get an in-depth tour of several key initiatives and find out how to get involved yourself in the exciting work of the OpenSSF.
A new survey by Chainguard in collaboration with the Eclipse Foundation, the Rust Foundation and OpenSSF aims to understand the software supply chain integrity practices of a broad range of software professionals. The goal of this survey is to learn more about how software professionals use and view key software supply chain integrity practices.Â
I’m very excited to present at the first ever Open Source Security Foundation (OpenSSF) meetup in India, next Thursday, July 28 in Bangalore, hosted by OpenSSF Premier Member, Wipro. Companies and governments are increasingly recognizing the need to prioritize their software supply chains and the role open source software (OSS) plays in them. Given the increasing…
By: The OpenSSF Technical Advisory Council On July 8th, 2022, the Python Package Index (PyPI) announced a security key giveaway for maintainers of critical projects, where “critical” is a label...
The first ever OpenSSF Day at the Open Source Summit North America (OSS NA) was a big success. On June 20th, we gathered in Austin, Texas and online to understand how to solve some of the biggest security challenges in the open source industry, steps being taken, and what’s next.Â
We’re excited to report the results of two security audits, one for Sigstore and one for slf4j. The goal of security audits is to find vulnerabilities so they can be fixed before attackers exploit them, as well as to identify opportunities to harden a project’s implementation and processes to counter vulnerabilities in the future. The…
To make it easier to use Sigstore’s toolkit to its full potential, OpenSSF and Linux Foundation Training & Certification released a free online training course, Securing Your Software Supply Chain with Sigstore (LFS182x), designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, etc.
Snyk has teamed up with the Linux Foundation to research and report on security concerns in the open source ecosystem. The 2022 State of Open Source Security report shows that many organizations still don’t have good policies and governance around open source security in spite of the popularity of open source packages.
