entity

OpenSSF

Also known as: Open Source Security Foundation, OSSF

Facts (16)

Sources
Source: bureado/awesome-software-supply-chain-security - GitHub (github.com, GitHub), 9 facts
reference: The Open Source Project Security Baseline is a tiered framework of security practices for open source projects provided by OpenSSF, aligned with international cybersecurity standards such as CRA and NIST SSDF, to provide actionable guidance for developers.
reference: The npm Best Practices Guide, published by the Open Source Security Foundation (OpenSSF), provides features and recommendations for using the npm package manager safely.
reference: The Principles for Package Repository Security, published by the Open Source Security Foundation (OpenSSF), establishes a taxonomy and security maturity levels for package repositories covering authentication, authorization, general capabilities, and CLI tooling.
claim: The Open Source Security Foundation (OpenSSF) operates the Alpha-Omega Project.
reference: The OpenSSF Concise Guide for Developing More Secure Software was published on September 1, 2022.
reference: The Open Source Security Foundation (OpenSSF) offers 'Secure Software Development Fundamentals' courses.
reference: Adolfo García Veytia of the OpenSSF presented on establishing cryptographically verifiable security baselines in a talk titled 'True Security: Unforgeable Baseline Compliance'.
reference: Takashi Ninjouji from OpenSSF presented 'From SBOM Basics To Automation: A Beginner's Journey in Extracting ELF Binary Dependencies', which covers practical SBOM automation and binary analysis.
reference: Allstar is a GitHub App developed by the Open Source Security Foundation (OSSF) used to set and enforce security policies.

Source: A Mixed-Methods Study of Open-Source Software Maintainers On ... (arxiv.org, arXiv, Feb 3, 2025), 4 facts
reference: The survey design was informed by the 'Getting started GitHub security features guide' and established initiatives like the OpenSSF guides on vulnerability management.
reference: The Linux Foundation maintains the Open Source Security Foundation (OpenSSF) working groups, documented at https://openssf.org/community/openssf-working-groups/.
claim: Future research can leverage Large Language Models (LLMs) to help OSS maintainers interpret reported vulnerabilities by using OSS security datasets, such as those curated by the OpenSSF, and to help generate patches for reported vulnerabilities with minimized regression tests.
reference: The Open Source Security Foundation (OpenSSF) published a guide in 2022 titled 'Guide to implementing a coordinated vulnerability disclosure process for open source projects' to assist maintainers in managing security vulnerabilities.

Source: Cybersecurity Trends and Predictions 2025 From Industry Insiders (itprotoday.com, ITPro Today), 2 facts
claim: Christopher Robinson, the chief security architect at the OpenSSF, predicts that open source software (OSS) supply chain attacks will continue to expand, noting that such attacks have risen significantly over the last several years.
reference: The OpenSSF provides resources to help developers and consumers vet open source software components, including the SIREN mailing list for emerging exploits, the OSV database for tracking malicious packages and vulnerabilities, and tools like Scorecard and GUAC for dependency visibility.

Source: What Is Open Governance? Drafting a charter for an Open Source ... (opensource.org, Open Source Initiative, May 9, 2023), 1 fact
claim: The ClearlyDefined project used the governance models of ORT, OpenSSF, SPDX, FOSSology, OpenChain, CNCF, the Todo Group, and the Eclipse Foundation as inspiration for drafting its own charter.