
The Open Source Security Foundation (OpenSSF) is an industry-backed foundation focused on strengthening the security of the global open source software ecosystem. It brings together major technology companies, cloud providers, open source communities, and security experts to address systemic security challenges that affect how software is built, distributed, and consumed.

OpenSSF was launched in 2021 and operates under the Linux Foundation, combining efforts from earlier initiatives such as the Core Infrastructure Initiative (CII) and industry-led supply chain security programs. Its mission is to make open source software more trustworthy, resilient, and secure by default, without placing unrealistic burdens on maintainers.

The foundation works across several key areas:

- Supply chain security: Developing frameworks, best practices, and tools to secure the software lifecycle from source to deployment. This includes stewardship of projects like sigstore and leadership on SLSA (Supply-chain Levels for Software Artifacts).

- Security tooling: Supporting and incubating open source tools that help developers detect, prevent, and remediate vulnerabilities at scale.

- Vulnerability management: Improving how vulnerabilities are discovered, disclosed, scored, and fixed across open source projects.

- Education and best practices: Publishing guidance, training, and maturity models such as the OpenSSF Best Practices Badge Program, which helps projects assess and improve their security posture.

- Metrics and research: Advancing data-driven approaches to understanding open source security risks and ecosystem health.

OpenSSF operates through working groups and special interest groups (SIGs) that focus on specific problem areas like securing builds, improving dependency management, or automating provenance generation. This structure allows practitioners to collaborate on concrete, actionable solutions rather than high-level policy alone.

By aligning maintainers, enterprises, and security teams, OpenSSF plays a central role in reducing large-scale risks such as dependency confusion, compromised build systems, and malicious package injection. Its work underpins many modern DevSecOps and cloud-native security practices and is increasingly referenced by governments and enterprises as a baseline for secure software development.