We founded our business with the belief that OSS is fundamental in creating world-changing applications. Never before has so much attention been focused on open source software and its impact on modern application development and security. Participants at the Summit discussed the security challenges for the consumption of OSS in critical infrastructure sectors and beyond and highlighted the shared responsibility needed to ensure the resilience of OSS in critical infrastructure. Last week the OpenSSF brought together US Government (USG) officials from the National Security Council (NSC), Office of the National Cyber Director (ONCD), and the Cybersecurity and Infrastructure Security Agency (CISA) among others with industry leaders at the Secure Open Source Software (SOSS) Summit 2023. The US Cybersecurity and Infrastructure Security Agency (CISA) also recently released an Open Source Software Security Roadmap with which the OpenSSF is uniquely positioned to assist toward securing open source software for the public good. The OpenSSF plans to reply to the RFI, and encourages all stakeholders to respond as well. Recently, the US Federal Government issued a Request for Information (RFI) on Open Source Software Security that originated from the Open-Source Software Security Initiative (OS3I) interagency working group created to improve OSS security. In support of the DARPA AI Cyber Challenge (AIxCC), a two-year competition aimed at driving innovation at the nexus of AI and cybersecurity to create a new generation of cybersecurity tools, the OpenSSF is serving as challenge advisor and the Open Track Registration opens on November 1st. The OpenSSF also recently released updates to Scorecard, its automated tool for measuring OSS projects’ security status. Scorecard now supports GitLab (in addition to GitHub) and its analyses now have many improvements.
The grant to Prossimo is earmarked to advance the functionality and scalability of the Rustls TLS library and the Rust for Linux effort. The Alpha portion of Alpha-Omega is collaborative in nature, targeting and evaluating the most critical open source projects to help them improve their security postures. OpenSSF’s Alpha-Omega Project granted $530,000 to the Internet Security Research Group (ISRG), the parent organization of Prossimo, to bring memory safety to critical components of the Internet. This guide is a comprehensive resource dedicated to raising awareness and education for securing and implementing best practices for source code management platforms, including GitHub and GitLab. The OpenSSF recently released the Source Code Management Best Practices Guide 1.0. Both in-person and virtual registration are available. A panel will explore navigating open source, open standards and government directives for better cybersecurity. Highlights on the schedule include sessions on collaboratively developing security in the open, managing vulnerabilities, collaborating along the open source supply chain, building better pipelines, and more. OpenSSF Day is an exciting opportunity to learn more about ongoing efforts to secure the open source software ecosystem. Today, the OpenSSF hosts OpenSSF Day Europe at Open Source Summit Europe in Bilbao, Spain. “At a time when open source software’s place in critical infrastructure is more important than ever before, we look forward to working together to make the open source ecosystem more safe, secure, and reliable.” “We are excited to welcome these new members to the OpenSSF community,” said Omkhar Arasaratnam. Technical communities continue to prioritize investment in open source security and recognize the role of supporting and sustaining open source communities in maintaining a healthy, vibrant, and secure open source ecosystem. New OpenSSF associate member, the Rust Foundation, also joins.
New OpenSSF general members include Mend.io, RTX, Shopify, SlimAI, and Stacklok. Bilbao, Spain, Septem– The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), welcomes six new members from leading technology firms.