OpenSSF Webinar: Introduction to Project Alpha-Omega
We’ve scheduled a webinar on February 16, 2022 at 10:00 AM US/Pacific time for anyone who wants to learn more about Project Alpha-Omega and registration is now open! Hear from...
Blog
Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4
Authors: Best Practices Working Group, Laurent Simon (Google), Azeem Shaikh (Google), and Jose Palafox (GitHub) Today, two members of the Open Source Security Foundation, Google and GitHub, are partnering to...
The OpenSSF and the Linux Foundation Address Software Supply Chain Security Challenges at White House Summit
Today marks an important moment in the Linux Foundation’s history of engagement with public sector organizations. The White House convened an important cross-section of the Open Source developer and commercial...
Open Source Foundations Must Work Together to Prevent the Next Log4Shell Scramble
As someone who has spent their entire career in open source software (OSS), the Log4Shell scramble (an industry-wide four-alarm-fire to address a serious vulnerability in the Apache Log4j package) is...
Securing Critical Open Source Projects with Multifactor Authentication
The Open Source Security Foundation (OpenSSF) Developer Best Practices Working Group has undertaken a project to improve the overall security and integrity of critical open source software projects and their...
November Town Hall Recording
On behalf of the OpenSSF community and staff, thank you to everyone who joined our quarterly town hall meeting today. If you weren’t able to attend the live presentation, check...
OpenSSF Quarterly Town Hall Announcement – UPDATED
The OpenSSF community is excited to chat more in-depth about several exciting project updates and recent announcements! We hope you’ll join us for our next community Town Hall, to be...
The World’s Major Technology Providers Converge to Improve the Security of Software Supply Chains
Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide, rely on the lines of code that you wrote. You...
Announcing the OpenSSF Vulnerability Disclosure WG guide to disclosure for OSS projects
Authors: Anne Bertucio, Christopher Robinson, David Wheeler, OpenSSF Vulnerability Disclosure WG members https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md Vulnerability disclosure is the process of reporting, remediating, and communicating the details of a discovered vulnerability. This...
Introducing the Allstar GitHub App
Authors: Mike Maraya, Jeff Mendoza We’re excited to announce Allstar, a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. With Allstar, owners can check...