Join us

ContentUpdates from The Open Source Security Foundation (OpenSSF) is a...
Discovery IconThat's all from @The Open Source Security Foundation (OpenSSF) is a — explore more posts below...
 Activity
jradxl
@jradxl started using tool Python , 5 hours, 2 minutes ago.
 Activity
jradxl
@jradxl started using tool Go , 5 hours, 2 minutes ago.
Story FAUN.dev() Team
eon01
@eon01 shared a post, 6 hours ago
Founder, FAUN.dev

Portainer: Podman environment option doesn't support Docker environments

#Portain...  #Bug  #docker  #Podman  #open so... 
Docker Portainer

During a recent training session I was leading, I watched a room full of sharp engineers do what engineers do best: follow instructions precisely. We installedPortainertogether, step by step, expecting the usual smooth glide into the world of container management. Instead, we hit a wall. A small one..

Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story
laura_garcia
@laura_garcia shared a post, 8 hours ago
Software Developer, RELIANOID

🔐 Cybertech Global TLV 2026 | Tel Aviv

January 26–28, 2026 One of the world’s leading cybersecurity events is back! Cybertech Global brings together global cyber leaders, innovators, and decision-makers at the heart of Israel’s tech ecosystem. 👉 RELIANOID will be there supporting secure, resilient digital infrastructures. #CybertechTL..

cybertech_global_tel_aviv_2026_relianoid
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story
sancharini
@sancharini shared a post, 9 hours ago

Black Box Testing Strategies for Modern Web Applications

Explore effective black box testing strategies for modern web applications. Learn how to validate user workflows, APIs, asynchronous behavior, and security while minimizing flaky tests.

Black Box Testing Strategies for Modern Web Applications
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story Keploy Team
sancharini
@sancharini shared a post, 9 hours ago

How to Combine Monkey Testing With Structured Test Automation?

Explore a practical approach to combining monkey testing with structured test automation, including smart test design, observability, and risk-based execution.

How to Combine Monkey Testing With Structured Test Automation?
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story
idjuric660
@idjuric660 shared a post, 10 hours ago
Technical Content Writer, Mailtrap

5 Best Email API for Node.js Developers Tested & Compared

The best email APIs for Node.js developers are Mailtrap, Mailgun, SendGrid, Amazon SES, and Postmark. I tested each by building a demo application and integrating all services to find which provides the best SDK. Read on for complete results. Node.js email API comparison SDK quality SDK ‘quality’ co..

Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
 Activity
nithinsys9786
@nithinsys9786 started using tool Visual Studio Code , 16 hours, 1 minute ago.
 Activity
nithinsys9786
@nithinsys9786 started using tool Adobe Analytics , 16 hours, 1 minute ago.
 Activity
matx104
@matx104 started using tool Kubernetes - The Easier Way , 2 days, 8 hours ago.
The Open Source Security Foundation (OpenSSF) is an industry-backed foundation focused on strengthening the security of the global open source software ecosystem. It brings together major technology companies, cloud providers, open source communities, and security experts to address systemic security challenges that affect how software is built, distributed, and consumed.

OpenSSF was launched in 2021 and operates under the Linux Foundation, combining efforts from earlier initiatives such as the Core Infrastructure Initiative (CII) and industry-led supply chain security programs. Its mission is to make open source software more trustworthy, resilient, and secure by default, without placing unrealistic burdens on maintainers.

The foundation works across several key areas:

- Supply chain security: Developing frameworks, best practices, and tools to secure the software lifecycle from source to deployment. This includes stewardship of projects like sigstore and leadership on SLSA (Supply-chain Levels for Software Artifacts).

- Security tooling: Supporting and incubating open source tools that help developers detect, prevent, and remediate vulnerabilities at scale.

- Vulnerability management: Improving how vulnerabilities are discovered, disclosed, scored, and fixed across open source projects.

- Education and best practices: Publishing guidance, training, and maturity models such as the OpenSSF Best Practices Badge Program, which helps projects assess and improve their security posture.

- Metrics and research: Advancing data-driven approaches to understanding open source security risks and ecosystem health.

OpenSSF operates through working groups and special interest groups (SIGs) that focus on specific problem areas like securing builds, improving dependency management, or automating provenance generation. This structure allows practitioners to collaborate on concrete, actionable solutions rather than high-level policy alone.

By aligning maintainers, enterprises, and security teams, OpenSSF plays a central role in reducing large-scale risks such as dependency confusion, compromised build systems, and malicious package injection. Its work underpins many modern DevSecOps and cloud-native security practices and is increasingly referenced by governments and enterprises as a baseline for secure software development.