#openssf — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #openssf, aggregated by home.social.
-
For folks who are thinking about locally patching open-source software to fix what they think is a bug (_especially_ if they think it's a security vulnerability), I think that's a path to https://www.xkcd.com/424/
-
OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness
The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how…
#Europe #EU #Compliance #devsecops #EuropeanUnion #OpenSourceSummitNorthAmerica #OpenSSF
https://www.europesays.com/europe/48251/
-
The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain.
Read the blog by Helen Woeste (OSTIF):
-
OSSGuard — one CLI to scan your project and tell you exactly which OpenSSF security practices are missing: Scorecard, SLSA, SBOM, Sigstore, and more.
Works with Python, Go, JS, Rust, Java, C/C++.
pip install ossguard
brew install kirankotari/tap/ossguard
npx ossguard
https://github.com/kirankotari/ossguard
#OpenSSF #SupplyChainSecurity #DevSecOps #OpenSource #DevOps #Python #Node #Golang #Community
-
The CPS project has just officially secured the #OpenSSF Gold Badge.
CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project.
Read the full story: https://openssf.org/blog/2026/05/07/the-road-to-gold-how-cps-set-a-new-standard-for-security-and-quality-in-open-source/
-
In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.
-
@BrideOfLinux I enjoyed your article – thanks. Discovered three months after publication via <https://vermaden.wordpress.com/2026/05/04/valuable-news-2026-05-04/>.
Just one thing:
"… Isn’t this exactly what the Open Source Security Foundation was established to handle in the wake of OpenSSL’s difficulties?"
I'm not certain. The roadmap at <https://openssf.org/about/> begins:
"The OpenSSF strategy is outlined across three key areas:
We will be a Catalyst for Change, we will Educate and Empower the Modern Developer, and we will be an Ecosystem Leader. …"
There's much more than a roadmap – and I didn't attempt to digest the charter (it's difficult to read, with the watermark) – it's difficult to tell why the OSSF was established, and so on. I don't doubt that the Foundation does great work, there's just a lot to take in. @openssf
In the case of sudo: I imagine that the media was a catalyst for change. Some time between mid-February and 3rd March, the plea for sponsorship disappeared:
― <https://web.archive.org/web/20260215044031/https://www.millert.dev/>
― <https://web.archive.org/web/20260305141311/https://www.millert.dev/>.
(I recall reading the article in The Register, which was discussed in Reddit <https://old.reddit.com/r/programming/duplicates/1qwsvh9/sudos_maintainer_needs_resources_to_keep_utility/>, and so on.)
-
We're still beaming with pride since at #KubeCon + CloudNativeCon Europe in April we were celebrated by the #OpenSSF because we earned all five available badges in the #SecuritySlam: Cleaner, Chronicler, Inspector, Mechanizer, and Defender: https://openssf.org/blog/2026/04/10/security-slam-2026-celebrating-our-security-champions-and-project-milestones/
-
#OpenSSF warns of hackers impersonating Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.
Read: https://hackread.com/openssf-malware-slack-linux-foundation-figures/
-
In our latest OpenSSF Tech Talk, OpenSSF members dismantled the AI "black box."
Read the recap to learn about the SAFE-#MCP threat catalog, how to secure the 3,000+ open source dependencies in the typical AI stack, and more!
https://openssf.org/blog/2026/04/08/openssf-tech-talk-recap-securing-agentic-ai/
-
The #OpenSSF Ambassador Program is now accepting applications for its first cohort. We are looking for 10-15 advocates to lead local initiatives, mentor developers, and represent the Open Source Security Foundation worldwide.
-
The #OpenSSF March newsletter is live! Featuring:
- New funding from AWS, Google, Microsoft, and others to secure AI 💰
- Launch of the OpenSSF Ambassador Program
- The new Gemara Model for GRC engineering
Read more: https://openssf.org/newsletter/2026/03/26/openssf-newsletter-march-2026/
Subscribe: https://openssf.org/newsletter/#newsletter