Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

Tag: OpenSSF

old school library catalog.

OpenSSF Siren: Security for One, Security for All

| | CVEs, intelligence sharing, iocs, NIST, open source, OpenSSF, risk mitigation, siren, TTPs
The OpenSSF Siren is a fresh, new take on ye old security mailing list ...
OpenSSF warns of Open Source Social Engineering Threats

OpenSSF warns of Open Source Social Engineering Threats

| | Linux Foundation, open source, open source threats, OpenSSF, social engineering, XZ Utils
Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor. We were lucky. But ...
OpenSSF warns of Open Source Social Engineering Threats

Summit Highlights Open Source Software Security Progress

| | open source, OpenSSF, software security, Software Supply Chain Security
The OpenSSF hosted a Secure Open Source Software (SOSS) Summit 2023 event during which it made available a Secure Open Source Software Vision Brief 2023 ...
privacy risk Sigstore GraphQL security Checkmarx Sonatype WhiteSource the secure software development

Sigstore Code Signing Service Becomes Generally Available

| | code signing, open source security, OpenSSF, Sigstore
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the ...
DARPA, code schema Lineaje devOps Rust JFrog Project Pyrsia OpenRewrite Micronaut ModernePython

Rust Foundation Allies With OpenSSF and JFrog to Secure Code

| | jfrog, open source, OpenSSF, Rust, The Linux Foundation
The Rust Foundation announced today it is working with the Open Source Security Foundation (OpenSSF) and JFrog to help maintainers secure open source software created using the Rust programming language. Rebecca (Bec) ...
software, security, open-source, Lineaje, Linux, open source, report, study, Open source code

Survey Uncovers Depth of Open Source Software Insecurity

| | devsecops, open source, OpenSSF, Snyk
A survey from Snyk and the Linux Foundation published today found that less than half of respondents (49%) work for organizations that have security policies in place for the use or development ...
Honeycomb Grafana OpenSSF open source

OpenSSF Adds Open Source Package Analysis Tool Prototype

| | code scanning, open source, OpenSSF, package analysis, SCA
The Open Source Security Foundation (OpenSSF) has made available a prototype of a package analysis tool that has already identified more than 200 malicious packages uploaded to PyPI and npm software components ...
code, kernel, eBPF, Veracode GitKraken JFrog GitGuardian organizations, quality fear unknown software app Rust Contrast Security Adds API Support to Application Security Platform

Checkmarx Finds Malicious Open Source PyPi Repository

| | Checkmarx, cybercriminals, OpenSSF, PyPi, software security, Starjacking
Checkmarx, a provider of a platform for testing application security, this week disclosed it has discovered a malicious instance of a PyPi repository for Python code that has been downloaded more than ...
DevOps jobs job Linux Foundation

Linux Foundation Lists Top Open Source Libraries

| | application security, open source, OpenSSF, supply chain, The Linux Foundation
The Linux Foundation today published a report that provides access to eight lists of the top 500 open source libraries being used by organizations as part of an ongoing effort to help ...