OpenSSF

OSPS Baseline: Practical security best practices for open source software projects

cyber resilience, Don't miss, guide, Hot stuff, News, open source, OpenSSF, software development /

OSPS Baseline: Practical security best practices for open source software projects 2025-02-28 at 14:49 By Help Net Security The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security Baseline (OSPS Baseline), a tiered framework of security practices that evolve with the […]

React to this headline:

Loading spinner

OSPS Baseline: Practical security best practices for open source software projects Read More »

OpenSSF Releases Security Baseline for Open Source Projects

Application Security, open source, OpenSSF, OSPS Baseline /

OpenSSF Releases Security Baseline for Open Source Projects 2025-02-26 at 13:45 By Eduard Kovacs The Open Source Security Foundation (OpenSSF) has created a structured set of security requirements for open source projects. The post OpenSSF Releases Security Baseline for Open Source Projects appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

OpenSSF Releases Security Baseline for Open Source Projects Read More »

One-third of dev professionals unfamiliar with secure coding practices

code, News, OpenSSF, report, software, software development, survey, The Linux Foundation, training /

One-third of dev professionals unfamiliar with secure coding practices 2024-07-19 at 07:01 By Help Net Security Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Lack

React to this headline:

Loading spinner

One-third of dev professionals unfamiliar with secure coding practices Read More »

Authelia: Open-source authentication and authorization server

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OpenSSF, software /

Authelia: Open-source authentication and authorization server 2024-05-22 at 07:33 By Mirko Zorz Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to the application backends.

React to this headline:

Loading spinner

Authelia: Open-source authentication and authorization server Read More »

Establishing a security baseline for open source projects

automation, cybersecurity, Don't miss, education, Features, Hot stuff, News, open source, OpenSSF, opinion, patching, penetration testing, policy, software development, standards /

Establishing a security baseline for open source projects 2024-05-13 at 08:01 By Mirko Zorz In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects, aiming

React to this headline:

Loading spinner

Establishing a security baseline for open source projects Read More »

Protobom: Open-source software supply chain tool

CISA, DHS, Don't miss, GitHub, News, open source, OpenSSF, software /

Protobom: Open-source software supply chain tool 2024-04-19 at 07:31 By Mirko Zorz Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was

React to this headline:

Loading spinner

Protobom: Open-source software supply chain tool Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development /

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

React to this headline:

Loading spinner

Transitioning to memory-safe languages: Challenges and considerations Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

React to this headline:

Loading spinner

Securing software repositories leads to better OSS security Read More »

White House launches AI Cyber Challenge to make software more secure

Anthropic, Artificial Intelligence, Black Hat USA 2023, critical infrastructure, cybersecurity, darpa, DEF CON, Google, Government, Microsoft, News, OpenAI, OpenSSF, software, USA, vulnerability /

White House launches AI Cyber Challenge to make software more secure 10/08/2023 at 12:33 By Help Net Security The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge

React to this headline:

Loading spinner

White House launches AI Cyber Challenge to make software more secure Read More »

Popular generative AI projects pose serious security threat

Artificial Intelligence, cybersecurity, generative AI, GitHub, News, OpenSSF, report, Rezilion /

Popular generative AI projects pose serious security threat 29/06/2023 at 07:48 By Help Net Security Many popular generative AI projects are an increased security threat and open-source projects that utilize insecure generative AI and LLMs also have poor security posture, resulting in an environment with substantial risk for organizations, according to Rezilion. Advancements in LLMs

React to this headline:

Loading spinner

Popular generative AI projects pose serious security threat Read More »

Enhancing open source security: Insights from the OpenSSF on addressing key challenges

CISO, Don't miss, Features, Hot stuff, News, open source, OpenSSF, opinion, software, strategy, The Linux Foundation, tips /

Enhancing open source security: Insights from the OpenSSF on addressing key challenges 18/05/2023 at 08:00 By Mirko Zorz In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World

React to this headline:

Loading spinner

Enhancing open source security: Insights from the OpenSSF on addressing key challenges Read More »

Scroll to Top