
Nov 2, 2023 | OpenSSF

In Blog

OpenSSF Co-Signs Industry Joint Statement on Article 45 in the EU’s eIDAS Regulation

The organizations that build and secure the Internet are concerned about proposed EU regulations that aim to mandate that all Web browsers recognize a new form of certificate for the purposes of authenticating websites. To support Mozilla’s position on eIDAS regulation and the organization’s multi-year effort to avert a potential… Read more.

Nov 2, 2023 | OpenSSF

Linux Foundation, ISC2 and OpenSSF Collaborate to Target Secure Code Development

Linux Foundation Training & Certification, ISC2, and Open Source Security Foundation (OpenSSF) today announced a new collaboration to empower the open source cybersecurity community through secure software development, knowledge sharing, education, certification and much more. Together, the three organizations will lead the way to secure software development and lifecycle management… Read more.

Nov 1, 2023 | OpenSSF

In AI, Blog

US White House Executive Order on Safe, Secure, and Trustworthy AI

The Biden-Harris Administration issued a landmark Executive Order on developing Artificial Intelligence (AI), harnessing the power of AI responsibly, and managing the risks of AI. Executive Order 14110 directs actions for new standards on AI safety, security, privacy protection, equity and civil rights advancement, consumer and worker protection, and more. Read more.

Nov 1, 2023 | OpenSSF

OpenJS Foundation Warns Consumer Privacy and Security at Risk in Three-Quarters of a Billion Websites

Global web infrastructure is in a precarious position, according to new research by the OpenJS Foundation made possible by an OpenSSF grant. The OpenJS Foundation is announcing the results of an end-user audit based on an IDC survey that shows three-quarters of a billion websites are running out-of-date software, with most… Read more.

Oct 31, 2023 | OpenSSF

In Blog

OpenSSF Identifying Security Threats Working Group: Evaluating the Health of Open Source Projects

This month's spotlight is on the OpenSSF Identifying Security Threats Working Group, which recently released the first version of the Security Insights Specification. This Working Group is dedicated to equipping the community with tools and documents for assessing the health of open source projects using metrics and other supporting evidence. Read more.

Oct 30, 2023 | OpenSSF

Safeguarding Your Data – How to Harden Your Systems

In our increasingly digitized world, data reigns supreme. Alongside traditional valuable information like customer records and bank details, data on interactions and activity has become more valuable to companies. As data has become critical, it is also more at risk from theft or attacks like ransomware. According to IBM, the… Read more.

Oct 26, 2023 | OpenSSF

In Blog

3 New Express Learning Courses on Security for Cloud Pros

Security is the key theme throughout the three new free Express Learning courses launched by Linux Foundation Training & Certification for cloud professionals. The courses are Security Self-Assessments for Open Source Projects (LFEL1005), Securing Projects with OpenSSF Scorecard (LFEL1006), and Automating Supply Chain Security: SBOMs and Signatures (LFEL1007). Read more.

Oct 24, 2023 | OpenSSF

In Blog

OpenSSF Launches Security Job Board for the Community

We are excited to announce the launch of the OpenSSF Security Job Board. This job board is meant to serve the community in two ways: allowing developers to view top-notch jobs in the security space and helping companies hire great people. By making the best security jobs easily accessible in… Read more.

Oct 23, 2023 | OpenSSF

In Blog

Secure by Design: Guidance from Governments

In April 2023 the US Cybersecurity and Infrastructure Agency (CISA), along with other government agencies inside and outside the US, released a paper emphasizing software secure-by-design principles and approaches. In October 2023 a significant update was released, now titled Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure… Read more.

Oct 20, 2023 | OpenSSF

In Blog

SLSA Tech Talk Highlights

Earlier this month we held a Tech Talk on Securing the Software Supply Chain: An In-Depth Exploration of SLSA. SLSA, or Supply-chain Levels for Software Artifacts, is an OpenSSF project that provides a security framework to improve the integrity and security of packages and infrastructure. You can watch the Tech… Read more.