OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security
Open Source Security Foundation | 13 April 2023
Hello, Linux Foundation members and readers! Here are some updates from the Open Source Security Foundation (OpenSSF) in Q1 2023:
- OpenSSF Day is coming up on May 10, 2023, as part of the Open Source Summit North America in Vancouver. All are welcome to attend!
- In March, we held a Town Hall meeting where we shared updates on OpenSSF initiatives and answered questions.
- We are happy to welcome eight new members to the OpenSSF.
- OpenSSF participated in various industry events such as CloudNativeSecurityCon, FOSDEM, and State of OpenCon. We also hosted meetups in Tokyo and Hong Kong for the first time.
Coming up: OpenSSF Day North America
The OpenSSF Day North America agenda is now live! We will host a full day of interesting session presentations, panels, and lightning talks on May 10th during Open Source Summit North America in Vancouver, Canada. Plan to join us to discuss the latest and greatest in ongoing efforts to secure the open-source software supply chain.
Improving Open Source Security through Collaboration: March 2023 OpenSSF Town Hall Highlights
At the end of March 2023, we hosted an OpenSSF Town Hall. We shared updates from the various initiatives at the OpenSSF, including Alpha-Omega, SBOM Everywhere, and diversity, equity, and inclusion (DEI) efforts around open source security. Participants had an opportunity to ask questions. Review highlights and watch the recording.
OpenSSF Membership Growth Signals Technical Communities’ Continued Commitment to Investing in Security
We recently welcomed eight new members from leading technology firms. The total number of OpenSSF members is currently over 100, and organization membership saw an 88% growth in 2022 from a variety of different sectors. New OpenSSF general member commitments include Amesto Fortytwo, Code Intelligence, Kusari, Privado, Scotiabank, and Technology Innovation Institute (TII). New associate members include the Open Source Business Alliance – Bundesverband für digitale Souveränität e.V. and Python Software Foundation. We are happy to see that technical communities continue demonstrating a strong commitment to investing in security now and in the future.
Participation in Community Events Across the Globe
The first-ever CloudNativeSecurityCon North America was an important event that gathered leaders and experts from across the industry to discuss the latest trends and challenges in cloud-native security. At the event, our GM Brian Behlendorf gave a keynote talk focusing on the future of OSS and software supply chain security.
During his talk, Behlendorf highlighted the potential new security threats that could emerge from the rise of AI systems like ChatGPT. He emphasized the importance of OSS projects preparing for this new future and ensuring their code is secure and resilient against these emerging threats.
The event was hosted by the Cloud Native Computing Foundation (CNCF) in Seattle, WA. It featured an OpenSSF booth where community members had the opportunity to discuss their current initiatives and recent accomplishments. This was a great opportunity for members to network and learn from each other and collaborate on future plans and projects.
In February, Brian discussed open source software security in Europe: first on a panel about open source software funding in Brussels, Belgium, during the Open Source Policy Summit, then in talks on open source security at FOSDEM, and finally on a panel on international security policy at the State of OpenCon in London, UK.
We also hosted inaugural community meetups in Tokyo and Hong Kong that were well attended.
Latest News
We’ve been busy at the OpenSSF, and often share updates with the community on our blog. Here are a few recent posts you won’t want to miss. Check them out!
- OpenSSF Best Practices Working Group Provides Security Guidance and Tools for Open Source Developers - April 5, 2023
- Taking the Pulse of Leading Software Repositories’ Security - April 4, 2023
- Clarifying Sigstore Terms of Use - March 30, 2023
- The Role of Foundations in Securing OSS - March 28, 2023
- SBOM Everywhere Update and Python SPDX-Tools - March 27, 2023
- Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard - March 20, 2023
- New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security - March 15, 2023
- SLSA v1.0 Release Candidate - March 9, 2023
- Why Open Source is Infrastructure, and Why it Matters - March 8, 2023
- How to Make High-Quality SBOMs - March 2, 2023
- Spotlight on OpenSSF Board Member: Vincent Danen, Vice President of Product Security, Red Hat - February 14, 2023
- Independent Security Audit Impact Report - February 1, 2023
- Spotlight on OpenSSF Board Member: Tracy Ragan, CEO, DeployHub - January 18, 2023
How You Can Help Secure the OSS Supply Chain
We remain committed to ensuring the open source software ecosystem is secure for all. We’d love it if you and your organization could get involved in the OpenSSF. This could range from participating in our working groups to joining our Slack or mailing list.
We look forward to working with you to help secure the entire OSS ecosystem!