Openssf

OpenSSF, the Open Source Security Foundation, is an influential collaborative initiative under the Linux Foundation dedicated to improving open source software security. Bringing together industry leaders, security experts, and developers, OpenSSF drives broad community efforts to address vulnerabilities, foster best practices, and enhance transparency across software supply chains. Among its standout contributions is the advocacy and tooling development around Software Bill of Materials (SBOMs), which have rapidly become indispensable for managing security risks in modern software ecosystems. ...

Today, I want to share with you a new initiative by OpenSSF called the Open Source Project Security Baseline. The TL;DR: This initiative consists of a series of checks that project maintainers must have in place in their software repositories to demonstrate a strong security posture. The baseline is divided into three well defined levels. I find this to be an interesting and practical initiative, easy to apply for improving and certifying a project’s security level. ...

I’ll start with a premise for those who may not already be familiar: the open-source software ecosystem often revolves around foundations, with the most famous probably being the Linux Foundation. In the cloud-native domain, the reference foundation is the Cloud Native Computing Foundation, commonly known as CNCF. CNCF is a foundation created by the Linux Foundation in 2015, specifically to manage projects in the cloud-native domain. In simple terms, it can be defined as a third-party, vendor-neutral entity that oversees the development and activities related to major projects involving containerized technologies like Kubernetes. ...