OpenSSF Archives

Joining the FINOS AI security initiative

Eddie Knight | July 2, 2025 | Artificial Intelligence, FINOS, Open Source Security, open-source-software, OpenSSF

It's only been four months since I last posted about Sonatype's contributions to the open source security ecosystem — not too bad! ...

2024 Sonatype Blog

Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline

Eddie Knight | February 25, 2025 | FINOS, open source, Open Source Tools, OpenSSF

It's been a while since I've shared an update on the work Sonatype is doing in the open source ecosystem, so I'm excited to share an update on a few things we're ...

2024 Sonatype Blog

The State of Open Source Cloud-Native Security

Bill Doerrfeld | January 12, 2024 | Cloud Security, Cloud-Native Security, open source, OpenSSF, SBOMs, Software Security

As 2024 kicks off, here's where cloud-native supply chain security stands and what to expect in the immediate future ...

Security Boulevard

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

Aaron Linskens | December 18, 2023 | DevZone, government, open source, OpenSSF, software supply chain

In October 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published a white paper Software Identification Ecosystem Option Analysis. Following the release of that paper, the Department of Homeland Security (DHS), CISA's ...

Sonatype Blog

OpenSSF Head Delivers AI Warning for Application Security

Michael Vizard | February 2, 2023 | AI, Linux Foundation, open source, OpenSSF, secure software

The overall state of application security is likely to worsen if organizations fail to take note of advances in artificial intelligence (AI). Brian Behlendorf, general manager for the Open Source Security Foundation ...

Security Boulevard

actors, critical, infrastructure, threats, cybersecurity energy infrastructure CISA NSA

Critical Infrastructure’s Open Source Problem

Sue Poremba | November 17, 2022 | cisa, Critical Infrastructure, executive order cybersecurity, open source, OpenSSF

Open source has a security problem, and that could have real-world impact when it affects critical infrastructure. According to research from Synopsis, 78% of code in codebases is open source, and 81% ...

Security Boulevard

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

Richi Jennings | October 28, 2022 | critical flaw, Mark J. Cox, Oh joy—what did the NSA sabotage in that project this time?, OpenSSF, openssl, openssl vulnerabilities, SB Blogwatch

OpenSSL has a new ‘critical’ bug. But it’s a secret until next month ...

Security Boulevard

OpenSSF Announces Project for Open Source Security- TechStrongTV

Alan Shimel | September 6, 2022 | Linux Foundation, open source, OpenSSF, supply chain security

OpenSSF is excited to announce the Alpha-Omega Project to improve the security posture of open source software (OSS) through direct engagement of software security experts and automated security testing. Microsoft and Google ...

Security Boulevard

cyberwar, cyber, SLA, cyberattack, retailers, Ai, applications, sysdig, attack, cisco, AI, AI-powered, attacks, attackers, security, BreachRx, Cisco, Nexus, security, challenges, attacks, cybersecurity, risks, industry, Cisco Talos hackers legitimate tools used in cyberattacks

Techstrong TV: 19 Organizations Join OpenSSF

Alan Shimel | August 18, 2022 | open source, OpenSSF, Security Vulnerabilities

OpenSSF announced 19 new organizations have joined OpenSSF to help identify and fix security vulnerabilities in open source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices. Alan ...

Security Boulevard

OpenText OCSF WhiteSource Log4j window Proofpoint Open Source Security

OpenSSF Seeks $150M+ to Address Open Source Software Security

Michael Vizard | May 13, 2022 | open source, open source software supply chain, OpenSSF, supply chain security

The Open Source Security Foundation (OpenSSF) this week outlined a plan to better secure open source software by focusing on 10 streams of investment that, in total, would require more than $150 ...

Security Boulevard

OpenSSF

Joining the FINOS AI security initiative

Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline

The State of Open Source Cloud-Native Security

OpenSSF responds to CISA, advocates for a multifaceted approach to software identification

OpenSSF Head Delivers AI Warning for Application Security

Critical Infrastructure’s Open Source Problem

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

OpenSSF Announces Project for Open Source Security- TechStrongTV

Techstrong TV: 19 Organizations Join OpenSSF

OpenSSF Seeks $150M+ to Address Open Source Software Security

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On