Jan 31, 2025 | OpenSSF

Linux Foundation Europe and OpenSSF Launch Initiative to Prepare Maintainers, Manufacturers, and Open Source Stewards for Global Cybersecurity Legislation

Leading organizations support global cybersecurity legislation preparedness efforts for open source communities. BRUSSELS – JANUARY 31, 2025 – Linux Foundation Europe and OpenSSF are excited to announce a global joint initiative to help prepare maintainers, manufacturers, and open source stewards for the implementation of the EU Cyber Resilience Act (CRA)… Read more.

Jan 29, 2025 | OpenSSF

Alpha Omega 2024 Annual Report

This post originally appeared on Alpha-Omega and has been revised for the OpenSSF. By Alpha-Omega We’re pleased to share our 2024 annual report. In it we try to convey the great progress in securing open source and our joy in seeing the increased security across so many open source ecosystems.… Read more.

Jan 29, 2025 | OpenSSF

In Blog

OpenSSF Community Day NA 2025: Call for Proposals Now Open!

The Call for Proposals (CFP) for OpenSSF Community Day North America is officially open through March 23, 2025! Co-located with Open Source Summit North America, this event will bring the open source community together in Denver, Colorado, on June 26, 2025, for a full day of engaging discussions and presentations… Read more.

Jan 23, 2025 | OpenSSF

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. Relying on the backbone of volunteers, vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor… Read more.

Jan 22, 2025 | OpenSSF

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

Open source components are consumed by over 90% of modern applications. Their omnipresence stems from their cost-effectiveness, flexibility, and collaborative nature, making them a cornerstone of contemporary software development. However, this widespread use also makes it a critical weak link in software security. Many open source projects are maintained by… Read more.

Jan 3, 2025 | OpenSSF

In Blog

SOSS Community Day India 2024: Wrap Up

Towards the end of 2024, we hosted the inaugural SOSS Community Day India, and we’re thrilled to share that it was a resounding success! This remarkable event brought together some of the most active open source contributors in the industry for a day filled with sharing, learning, and collaboration. Read more.

Dec 23, 2024 | OpenSSF

CRA Stewards and Manufacturers Workshop: Key Takeaways and Next Steps

Last week the Linux Foundation Europe and OpenSSF teams held a workshop focused on the implications of the recently published Regulation (EU) 2024/2847, commonly known as the Cyber Resilience Act or CRA. The 2024 Stewards and Manufacturers Workshop in Amsterdam was a highly successful event where members from across the… Read more.

Dec 20, 2024 | OpenSSF

In Blog

Staying OSS Safe During the Holidays

The holiday season is upon us, and while many of us are gearing up for festivities, gift shopping, and reconnecting with loved ones, it’s also a time when cybersecurity threats loom larger than ever. Supply-chain attacks such as SolarWinds and Log4Shell happened during the holiday season, as that is a… Read more.

Dec 16, 2024 | OpenSSF

SigstoreCon 2024: Advancing Software Supply Chain Security

On November 12, 2024, the software security community gathered in Salt Lake City for SigstoreCon: Supply Chain Day, co-located with KubeCon North America 2024. The one-day conference brought together developers, maintainers, and security experts to explore how Sigstore is transforming software supply chain security through simplified signing and verification of… Read more.

Dec 11, 2024 | OpenSSF

Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 2

In Part 1, we provided a general overview of the CRA and highlighted OpenSSF’s current activities related to its implementation. In Part 2, we’ll take a closer look at the three-year implementation timeline and what lies ahead. Read more.