Join us

ContentUpdates from The Open Source Security Foundation (OpenSSF) is a...
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool Ansible , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool Python , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool Kubernetes , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool Go , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool GNU/Linux , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool GitLab CI/CD , 3 weeks, 4 days ago.
 Activity
cmndrsp0ck
@cmndrsp0ck started using tool Docker , 3 weeks, 4 days ago.
Story
laura_garcia
@laura_garcia shared a post, 3 weeks, 4 days ago
Software Developer, RELIANOID

The UK raises the bar on digital security

With cyberattacks on the rise, the Product Security and Telecommunications Infrastructure (PSTI) Act marks a major step toward making connected technology secure by design. In our latest article, we explain: What the PSTI Act requires Why it matters beyond consumer IoT How it signals a global sh..

426 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story Palark Team Trending
shurup
@shurup shared a post, 3 weeks, 4 days ago
@palark

New CNCF Sandbox projects in 2025: From Podman to CloudNativePG

#kuberne...  #Contain...  #Cloud N...  #Podman  #cncf 
Kubernetes

Each year, 25-30 new Open Source projects related to the Cloud Native ecosystem are accepted to the CNCF Sandbox. In January 2025, there were 13 additions, with four of them donated by Red Hat. Here's the list of these newly added CNCF projects: - Podman Container Tools (security-focused Docker alte..

CNCF Sandbox projects in January 2025
608 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Story
sancharini
@sancharini shared a post, 3 weeks, 4 days ago

CI Testing Best Practices for Reliable and Fast Builds

As software teams adopt continuous integration, build speed and reliability become critical success factors. CI testing plays a central role in ensuring that every code change is validated quickly and consistently before it moves further down the delivery pipeline. Without clear practices, however, ..

428 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
The Open Source Security Foundation (OpenSSF) is an industry-backed foundation focused on strengthening the security of the global open source software ecosystem. It brings together major technology companies, cloud providers, open source communities, and security experts to address systemic security challenges that affect how software is built, distributed, and consumed.

OpenSSF was launched in 2021 and operates under the Linux Foundation, combining efforts from earlier initiatives such as the Core Infrastructure Initiative (CII) and industry-led supply chain security programs. Its mission is to make open source software more trustworthy, resilient, and secure by default, without placing unrealistic burdens on maintainers.

The foundation works across several key areas:

- Supply chain security: Developing frameworks, best practices, and tools to secure the software lifecycle from source to deployment. This includes stewardship of projects like sigstore and leadership on SLSA (Supply-chain Levels for Software Artifacts).

- Security tooling: Supporting and incubating open source tools that help developers detect, prevent, and remediate vulnerabilities at scale.

- Vulnerability management: Improving how vulnerabilities are discovered, disclosed, scored, and fixed across open source projects.

- Education and best practices: Publishing guidance, training, and maturity models such as the OpenSSF Best Practices Badge Program, which helps projects assess and improve their security posture.

- Metrics and research: Advancing data-driven approaches to understanding open source security risks and ecosystem health.

OpenSSF operates through working groups and special interest groups (SIGs) that focus on specific problem areas like securing builds, improving dependency management, or automating provenance generation. This structure allows practitioners to collaborate on concrete, actionable solutions rather than high-level policy alone.

By aligning maintainers, enterprises, and security teams, OpenSSF plays a central role in reducing large-scale risks such as dependency confusion, compromised build systems, and malicious package injection. Its work underpins many modern DevSecOps and cloud-native security practices and is increasingly referenced by governments and enterprises as a baseline for secure software development.