home.social

#openssf — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #openssf, aggregated by home.social.

  1. For folks who are thinking about locally patching open-source software to fix what they think is a bug (_especially_ if they think it's a security vulnerability), I think that's a path to xkcd.com/424/

    #InfoSec #CVE #OpenSource #Mythos #Glasswing #OpenSSF

  2. OpenSSF’s CRob: ‘The Runway Is Rapidly Running Out’ on EU CRA Readiness

    The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how…
    #Europe #EU #Compliance #devsecops #EuropeanUnion #OpenSourceSummitNorthAmerica #OpenSSF
    europesays.com/europe/48251/

  3. The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain.

    Read the blog by Helen Woeste (OSTIF):

    openssf.org/blog/2026/05/12/ha

  4. OSSGuard — one CLI to scan your project and tell you exactly which OpenSSF security practices are missing: Scorecard, SLSA, SBOM, Sigstore, and more.

    Works with Python, Go, JS, Rust, Java, C/C++.

    pip install ossguard
    brew install kirankotari/tap/ossguard
    npx ossguard

    github.com/kirankotari/ossguard

    #OpenSSF #SupplyChainSecurity #DevSecOps #OpenSource #DevOps #Python #Node #Golang #Community

  5. The CPS project has just officially secured the #OpenSSF Gold Badge.

    CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project.

    Read the full story: openssf.org/blog/2026/05/07/th

  6. In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

    openssf.org/podcast/2026/05/05

  19. In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

    openssf.org/podcast/2026/05/05

  20. In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

    openssf.org/podcast/2026/05/05

  21. In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

    openssf.org/podcast/2026/05/05

  22. In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

    openssf.org/podcast/2026/05/05

  7. @BrideOfLinux I enjoyed your article – thanks. Discovered three months after publication via <vermaden.wordpress.com/2026/05>.

    Just one thing:

    "… Isn’t this exactly what the Open Source Security Foundation was established to handle in the wake of OpenSSL’s difficulties?"

    I'm not certain. The roadmap at <openssf.org/about/> begins:

    "The OpenSSF strategy is outlined across three key areas:

    We will be a Catalyst for Change, we will Educate and Empower the Modern Developer, and we will be an Ecosystem Leader. …"

    There's much more than a roadmap – and I didn't attempt to digest the charter (it's difficult to read, with the watermark) – it's difficult to tell why the OSSF was established, and so on. I don't doubt that the Foundation does great work, there's just a lot to take in. @openssf

    In the case of sudo: I imagine that the media was a catalyst for change. Some time between mid-February and 3rd March, the plea for sponsorship disappeared:

    ― <web.archive.org/web/2026021504>

    ― <web.archive.org/web/2026030514>.

    (I recall reading the article in The Register, which was discussed in Reddit <old.reddit.com/r/programming/d>, and so on.)

    Cc @millert @governa

    #sudo #OpenSSF

  8. We're still beaming with pride since at #KubeCon + CloudNativeCon Europe in April we were celebrated by the #OpenSSF because we earned all five available badges in the #SecuritySlam: Cleaner, Chronicler, Inspector, Mechanizer, and Defender: openssf.org/blog/2026/04/10/se

  9. #OpenSSF warns of hackers impersonating Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.

    Read: hackread.com/openssf-malware-s

    #CyberSecurity #Malware #LinuxFoundation #Scam

  10. In our latest OpenSSF Tech Talk, OpenSSF members dismantled the AI "black box."

    Read the recap to learn about the SAFE-#MCP threat catalog, how to secure the 3,000+ open source dependencies in the typical AI stack, and more!

    openssf.org/blog/2026/04/08/op

    #OpenSSF #AgenticAI

  11. The #OpenSSF Ambassador Program is now accepting applications for its first cohort. We are looking for 10-15 advocates to lead local initiatives, mentor developers, and represent the Open Source Security Foundation worldwide.

    openssf.org/community/openssf-

  12. The #OpenSSF March newsletter is live! Featuring:

    - New funding from AWS, Google, Microsoft, and others to secure AI 💰
    - Launch of the OpenSSF Ambassador Program
    - The new Gemara Model for GRC engineering

    Read more: openssf.org/newsletter/2026/03

    Subscribe: openssf.org/newsletter/#newsle
