Tag: OpenSSF
-
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software …
-
OpenSSF Warns of Open-Source Social Engineering Threats
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been …
-
US Government and OpenSSF Partner on New SBOM Management Tool
The Open Source Security Foundation (OpenSSF), in collaboration with the US government, has launched a new tool to simplify Software Bill …
-
New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in …
-
Transitioning to memory-safe languages: Challenges and considerations
In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the …
-
Google-backed GUAC cybersecurity tool becomes an OpenSSF project
in 2022 by Google LLC, cybersecurity startup Kusari Inc., Citibank NA and Purdue University. OpenSSF, the consortium to which the project …
-
Securing software repositories leads to better OSS security
Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. …
-
OpenSSF and CISA partner on Principles for Package Repository Security
According to the OpenSSF, package repositories are a critical point in the open source ecosystem for either allowing or preventing attacks. …
-
New Tripartite Initiative Aims to Fortify Open-Source Cybersecurity
Education is key to securing software. To help that happen, the Linux Foundation Training & Certification, ISC2, and the OpenSSF have …
-
OpenSSF Launches Malicious Packages Repository
The repository has already amassed over 15,000 reports of malicious packages, drawing data from various sources, including the OpenSSF …
-
New repository aims to illuminate open-source package vulnerabilities and malicious code
The Open Source Security Foundation today launched its Malicious Packages Repository, an open-source system for collecting and publishing …
-
White House launches AI Cyber Challenge to make software more secure
The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, …