OpenSSF

🎁✨ The holiday season is here, hackers don’t take holidays! 🚨 While we celebrate, cyber threats can escalate, targeting busy individuals and organizations. Learn how to safeguard your digital world this season with OpenSSF tools: https://lnkd.in/eZe7-JbE 🎉 Happy holidays! #cybersecurity #softwaresupplychain #holidays #OpenSSF #OpenSource

🎉 As we wrap up 2024, we're reflecting on a year of incredible progress and collaboration across the #OpenSSF community. Dive into the December newsletter for highlights, community updates, and a big thank you to everyone who contributed to securing open source software this year. https://hubs.la/Q030ggcp0

sigstore creator, Chainguard CEO, OpenSSF TAC member and Season 1 guest Dan Lorenc returns to the #ITOps Query #podcast to discuss the year in #opensource and #cybersecurity. Topics range from #softwaresupplychain management, hardening #containerimages and #SBOMs in limbo to #openproduct companies and business models, including his own company's shift in focus this year. Plus: a look ahead to #SecOps and #AI in 2025. #yearinreview #2024inreview #2025predictions

📣 The OpenSSF Meetup in Japan wrapped up just last week. Catch the video and recap both #SOSSFusion and #SOSSCommunity Day Japan together! ✨ Meetup recording is now available: https://lnkd.in/ejvVczEf Blog: https://lnkd.in/efPGyZjE #OSSSecurity #Meetup #Community #Japan #OSS

⏰ It’s Tomorrow! 🎉 Don’t miss the OpenSSF MAC + DevRel End-of-Year Celebration – a casual, fun-filled virtual event to honor YOU! 📅 Date: December 19, 2024 ⏰ Time: 1:00 PM EST 🔗 Zoom Link: https://lnkd.in/eR3MAwUJ What’s happening: 🌟 Recognition of amazing contributors 👕 Ugly Sweater Contest – festive attire encouraged! 🍺 Beer & Donuts vibes (BYO snacks) 🐾 Fluffy friends welcome as +1s Open to everyone in the OpenSSF community. Let’s wrap up 2024 together with gratitude, fun, and holiday cheer!

🌍 “We can’t wait for the next Log4j to happen.” In Ep. #22 of What’s in the SOSS?, Tara Tarakiyee from the Sovereign Tech Agency highlights why long-term investment in open source infrastructure is critical. Learn how they’re funding vital projects and empowering maintainers to build a secure, resilient digital world. 🎧 Tune in: https://hubs.la/Q02_W6K00 #OpenSourceSecurity #SovereignTechAgency #OpenSSF

🎉 Don’t Miss Out! 🎉 The OpenSSF MAC + DevRel End-of-Year Celebration is just a few days away! 📅 When: December 19, 2024, at 1:00 PM EST 🔗 Where: https://lnkd.in/eR3MAwUJ Get ready for: 🌟 Celebrating MAC + DevRel contributions 👕 Ugly Sweater Contest 🍺 Beer & Donuts vibes 🐾 Fluffy friends welcome as your +1s Let’s toast to an incredible 2024. Open to all in our community – see you there!

As a supplement for Part 2 of the little OpenSSF blog series on the #CRA, here's a more compact overview over the timeline until the evaluation in six years. Understanding the CRA: OpenSSF’s Role in the Cyber Resilience Act Implementation – Part 2: https://lnkd.in/ezs-5niC

Last month, the OpenSSF community gathered in Salt Lake City for #SigstoreCon: Supply Chain Day, co-located with #KubeCon NA 2024! 🎉 This conference was packed with insightful keynotes, technical deep dives, and case studies, showcasing how #Sigstore is transforming software supply chain security. Sigstore is revolutionizing software integrity by simplifying the signing and verification of digital artifacts, ensuring developers and organizations can implement security practices at scale. Check out key moments from the conference, including: 🔑 Keynotes from Bob Callaway (Google) & Luke Hinds (Stacklok) 🔍 Technical deep dives on sigstore's advancements 🔐 Real-world case studies from Red Hat, Ruby Central, Inc., and more Read the full blog to explore the highlights and how Sigstore is shaping the future of software security: https://lnkd.in/d6se9vNx Hayden Blauzvern, Bob Callaway, Luke Hinds, Chinenye Okafor, Jussi Kukkonen, Poppaea McDermott, Parth Patel, CISSP, λ Mihai λ Maruseac λ, Ian Dunbar-Hall, Marc Frankel, @Samuel Giddins, Lance Ball, @Brian Cook, @William Woodruff, Zach Steindler

🌮 Spice Up Your Supply Chain Security with GUAC v0.12.0! 🥑✨ The latest version of #GUAC is here, and it’s loaded with tasty new features to keep your #softwaresupplychain fresh and #secure: 🌮 A new certifier to fetch end-of-life info straight from endoflife.date – because no one likes stale #dependencies! 🥗 An OCI collector to gather insights from #container registries – serving up secure #software, one container at a time. 🌶️ Enhanced OSV certifier with severity metadata – now adding an extra kick to #vulnerability tracking! 📖 Feast on the full details in our blog post ⤵️ https://lnkd.in/gAh4jEw9 #SoftwareSupplyChainSecurity #SoftwareSecurity #SBOM #OpenSource #DevSecOps 🥑