OpenSSF Outlook Q3 2023: Continuing to Strengthen the Open Source Ecosystem

Hello, Linux Foundation members and readers! As we reflect on Q2 2023, here are some updates from the Open Source Security Foundation (OpenSSF) on what’s been happening:

• In May, we welcomed Omkhar Arasaratnam as the new General Manager of OpenSSF.
• This April marked the release of Version 1.0 of the software supply chain security framework - SLSA.
• OpenSSF Day Europe is coming up on September 18, 2023, colocated with Open Source Summit Europe in Bilbao, Spain.
• We rolled out the welcome mat for new members to the OpenSSF from leading technology firms.
  
  

Meet New OpenSSF GM Omkhar Arasaratnam

Join us for a conversation with new OpenSSF General Manager, Omkhar Arasaratnam, veteran cybersecurity and technical risk management executive with more than 25 years of experience leading global organizations. In this Q&A, Omkhar covers everything from the challenges he foresees in his role to what he thinks is the most important factor to keep in mind that affects the future of the open source community.

...

OpenSSF Announces SLSA Version 1.0 Release

The OpenSSF was proud to announce the release of version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). SLSA is an OpenSSF project that provides specifications for software supply chain security, established by community expert consensus. It’s designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source. The stable release of the SLSA 1.0 Build Track lowers the barrier of entry for improvements, helps you focus efforts on improving your build, and reduces the chances of tampering across a large swath of the supply chain.

...

Coming Up: OpenSSF Day at Open Source Summit Europe

We’re pleased to host OpenSSF Day at Open Source Summit Europe on Monday, September 18th. OpenSSF Day Europe brings together the open source community to discuss the challenges, big-picture solutions, ongoing work and successes in securing the open source software (OSS) supply chain. The full day program will feature keynotes from Open Source Security Foundation (OpenSSF) contributors and thought leaders. Register today!

...

OpenSSF Welcomes New Members, Veteran Cybersecurity Expert as General Manager, and New Funding

The OpenSSF welcomed four new members from leading technology firms: Hitachi, Lockheed Martin, Salesforce, and SAP. The OpenSSF also welcomed new General Manager, Omkhar Arasaratnam, who said, “It’s an honor to help the Open Source community to build software that’s secure by construction.” Plus Microsoft and Google committed $5 million in continued funding for Alpha-Omega.

...

How You Can Help Secure the OSS Supply Chain

We’ve been busy at the OpenSSF, and often share updates with the community on our blog. Here are a few recent posts you won’t want to miss. Check them out!

• SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers - June 30, 2023
• PSF Welcomes New Security Developer in Residence with Support from Alpha-Omega - June 22, 2023
• Why SBOM Generators Need to Accurately Represent Open Source Licenses - June 20, 2023
• OpenSSF Day at Open Source Summit Europe: Call for Proposals Now Open - June 7, 2023
• OpenSSF Supply Chain Integrity Working Group Provides Security Guidance, Practical Frameworks, and Tools - May 31, 2023
• Inaugural Open Source Security Singapore Meetup - May 30, 2023
• Takeaways from OpenSSF Day North America - May 26, 2023
• Exploring the Latest Advances in SBOMs from the Devroom - May 24, 2023
• We Want to Hear from You: Take the OpenSSF Software Security Awareness Survey - May 17, 2023
• Sessions You Won’t Want to Miss at Open Source Summit and OpenSSF Day NA - May 4, 2023
• How I Got Involved with the OpenSSF - May 3, 2023
• Getting to know the Open Source Vulnerability (OSV) format - May 2, 2023
• Join Us at the OSS Security Meetup in Tokyo, Japan - April 26, 2023
• OpenSSF Seats New Technical Advisory Council and Security Community Individual Representative - April 26, 2023
• Distinguish between source and vendor - April 17, 2023
• Assessing Product Risk Using SBOMs and OpenSSF Scorecard - April 14, 2023
• Spotlight on OpenSSF Board Member: Brian Fox, Co-Founder and CTO, Sonatype - April 12, 2023

OpenSSF in the News Highlights

• Security Conversations - OpenSSF GM Omkhar Arasaratnam on open-source software security - July 5, 2023
• Dark Reading - Cl0p's MOVEit Campaign Represents a New Era in Cyberattacks - July 5, 2023
• The Resilient Cyber Podcast - Interview with Omkhar Arasaratnam, OpenSSF GM - June 23
• The New Stack - The Risks of Decomposing Software Components - June 14, 2023
• Techstrong TV - Yesenia Yser and Jonathan Leitschuh, OpenSSF | OSS North America 2023 - May 29, 2023
• Techstrong TV - Chris Robinson, Intel | OSS North America 2023 - May 29, 2023
• Dark Reading - 2 Lenses for Examining the Safety of Open Source Software - May 26, 2023
• The New Stack - Tracy Ragan: My Favorite Open Source Security Projects - May 22, 2023
• The New Stack - SBOM Everywhere: The OpenSSF Plan for SBOMs - May 20, 2023
• Help Net Security - Enhancing open source security: Insights from the OpenSSF on addressing key challenges - May 18, 2023
• GovTech - Open Source Community Leaders Talk Promise vs Vulnerability - May 13, 2023
• SiliconANGLE - OpenSSF: Making SBOMs more dynamic to reduce software security risks - May 12, 2023
• Security Week - OpenSSF Receives $5 Million for Open Source Software Security Project - May 11, 2023
• Embedded Computer Design - Dip into SLSA with OpenSSF - May 2, 2023
• CSO - OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks - April 19, 2023

How You Can Help Secure the OSS Supply Chain

We continue to be committed to ensuring the open source software ecosystem is secure for all. Explore getting involved in the OpenSSF. This could range from participating in our working groups to joining our Slack or mailing list.

We look forward to working with you to help secure the entire OSS ecosystem!