The EU’s Cyber Resilience Act kicks into high gear this September, and companies are still clueless about how they must obey its strictures. MINNEAPOLIS — At Open Source Summit North America, Christopher “CRob” Robinson, Chief Security Architect for the Open Source Software Foundation (OpenSSF), spoke about the European Union’s (EU) Cyber Resilience Act (CRA). CRob […]
Open Letter Calls for Fundamental Change to Open Source Economics
Leading stewards of several major open source projects today issued a joint open letter calling for major changes to be made to the way the IT infrastructure used to support these initiatives is funded, operated and maintained. Posted on the Open Source Security Foundation (OpenSSF) website, the open letter signed by representatives from open source […]
OpenSSF Siren: Security for One, Security for All
The OpenSSF Siren is a fresh, new take on ye olde security mailing list.
OpenSSF warns of Open Source Social Engineering Threats
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor. We were lucky. But can we stay lucky? The Open Source Security Foundation (OpenSSF) and the OpenJS Foundation revealed that a similar hacking attempt had targeted several […]
Summit Highlights Open Source Software Security Progress
The OpenSSF hosted a Secure Open Source Software (SOSS) Summit 2023 event during which it made available a Secure Open Source Software Vision Brief 2023.
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the KubeCon + CloudNativeCon North America conference, the cloud service makes it possible for developers to both cryptographically sign artifacts and verify that the […]
Rust Foundation Allies With OpenSSF and JFrog to Secure Code
The Rust Foundation announced today it is working with the Open Source Security Foundation (OpenSSF) and JFrog to help maintainers secure open source software created using the Rust programming language. Rebecca (Bec) Rumbul, executive director at the Rust Foundation, said even though Rust is a memory-safe language, there are still security issues that maintainers need […]
Survey Uncovers Depth of Open Source Software Insecurity
A survey from Snyk and the Linux Foundation published today found that less than half of respondents (49%) work for organizations that have security policies in place for the use or development of open source software. The survey, which polled 550 software development professionals, was conducted by Snyk, a provider of tools for securing software, […]
OpenSSF Adds Open Source Package Analysis Tool Prototype
The Open Source Security Foundation (OpenSSF) has made available a prototype of a package analysis tool that has already identified more than 200 malicious packages uploaded to the PyPI and npm registries. Caleb Brown, an OpenSSF maintainer of the project, said the goal is to understand the behavior and capabilities of packages available on open […]
Checkmarx Finds Malicious Open Source PyPI Package
Checkmarx, a provider of a platform for testing application security, this week disclosed it has discovered a malicious package in the PyPI repository for Python code that has been downloaded more than 70,000 times. Tzachi Zorenshtain, head of supply chain security, said this discovery represents another instance where cybercriminals have made available a malicious copy […]