‘Vigilance required to counter infiltration attempts of open-source projects’
The backdoor in the Linux compression tool xz may not have been an isolated incident, say the Open Source Security Foundation and the OpenJS Foundation in a joint statement. They or their members recently intercepted multiple attempts to infiltrate open-source software projects.
The organization...
OpenSSF launches manifesto for responsible open-source use
The OpenSSF End Users Working Group wants end users of open-source software to pay more attention to the responsible use of the software. To this end, the Open Source Consumption Manifesto (OSCM) has now been presented.
With the manifesto, OpenSSF wants to achieve that end-users of open-source s...
Open Source Summit features announcements from AWS, Meta and OpenSSF
Quite a few companies are making announcements at the Open Source Summit North America in Vancouver. For example, AWS indicates how it will further its contributions to the open source community. Additionally, Meta has been accepted as a Gold member in the OpenJS Foundation and OpenSSF can count on...
OpenSSF strengthens supply chain security with SLSA 1.0
SLSA 1.0 is intended to provide a standard language for software supply chain security. The project is at an important milestone in software development security with its first stable version, according to OpenSSF.
The Open Source Security Foundation (OpenSSF) was launched in 2020 by the Linux F...