Open Source Security Foundation (OpenSSF)
Verified
We've verified that the organizationossf controls the domain:
- openssf.org
OpenSSF is committed to working both upstream and with existing communities to advance open source security for all.
We foster collaboration, establish best practices, and develop innovative solutions to secure the development, maintenance, and consumption of open source software. OpenSSF is part of the nonprofitLinux Foundation.
- Visit our Projects page (https://openssf.org/projects/)
- AI/ML Security - explore the security risks associated with AI and ML and their impact on open source
- Diversity, Equity & Inclusion - foster a more diverse and inclusive cybersecurity workforce
- Best Practices for Open Source Developers — provide awareness, education, and guidance about security best practices
- Global Cyber Policy - collaborate on cybersecurity-related legislation, frameworks, and standards
- Securing Critical Projects — identify and help secure critical open source projects
- Securing Software Repositories — strengthen the security posture of software repositories
- Security Tooling — identify and provide state of the art, globally accessible security tools
- Supply Chain Integrity — ensure the provenance of open source code
- Vulnerability Disclosures — enable efficient vulnerability reporting and remediation
For any questions, concerns, reports, etc., please emailoperations@openssf.org.
- Join theOpenSSF Slack
- Subscribe to the [OpenSSF monthly newsletter] (https://openssf.org/sign-up/)
- Join one of theOpenSSF Mailing Lists
- Attend Working Group, Special Interest Group (SIG), and Project meetings, which can be found on ourCommunity Calendar
- For more ways to participate, visit ourGet Involved page
We encourage all individual contributors to work with their employers to become members. We aim to grow an active, healthy community of contributors, reviewers, and code owners.Learn more about the requirements and responsibilities of membership in ourMembership page or seecurrent members.
PinnedLoading
- wg-best-practices-os-developers
wg-best-practices-os-developers PublicThe Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
- ai-ml-security
ai-ml-security PublicWorking Group on Artificial Intelligence and Machine Learning (AI/ML) Security
- wg-securing-critical-projects
wg-securing-critical-projects PublicHelping allocate resources to secure the critical open source projects we all depend on.
- wg-securing-software-repos
wg-securing-software-repos PublicOpenSSF Working Group on Securing Software Repositories
Repositories
- malicious-packages Public
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
ossf/malicious-packages’s past year of commit activity - security-baseline Public
ossf/security-baseline’s past year of commit activity - cve-bin-tool Public
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
ossf/cve-bin-tool’s past year of commit activity - orbit-launchpad Public
ossf/orbit-launchpad’s past year of commit activity - wg-best-practices-os-developers Public
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
ossf/wg-best-practices-os-developers’s past year of commit activity - alpha-omega Public
Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.
ossf/alpha-omega’s past year of commit activity
Top languages
Loading…
Uh oh!
There was an error while loading.Please reload this page.