Team – please review Issue 103(1) and review our WG Charter and express your vote so we can close this matter. Thanks all! - https://github.com/ossf/wg-best-practices-os-developers/issues/103 Cheers,

All, FYI: GitHub now supports private reporting of security vulnerabilities to projects! This is a big deal. Details here: https://docs.github.com/en/code-security/security-advisories/guidance-on-repo

Subject: [OpenSSF] The US Securing Open Source Software Act of 2022 is a step in the right direction Good day from Singapore, I have just come across this article. Sharing it for more awareness. Artic

I propose adding to the fundamentals security course an example using Ashley Madison. You can see the proposed text here: https://github.com/ossf/secure-sw-dev-fundamentals/pull/105 The full story is

All: Feedback on the "Secure Software Development Fundamentals course" indicated that many really liked our "Story Time" sections. These give specific real-world examples of attacks. As a result, I pl

In case you didn't see it, there's lots of info in Sonatype's 8th annual "State of the Software Supply Chain Report" (2022): https://www.sonatype.com/state-of-the-software-supply-chain/introduction It

Hi all, As discussed on the TAC call yesterday, just a quick note to share that: We will be cancelling all OpenSSF meetings during the holiday periods of Nov. 24-25 and Dec. 26-30. Please let us know

Dear all, I'm happy to announce that we're approaching the first session of the Office Hours. Below is the announcement message (based on the work of Michael S), please review in the next hours. The c

All: I created a proposed short section on securing AI/ML for the fundamentals course: https://github.com/ossf/secure-sw-dev-fundamentals/pull/91 I wish there were better/more complete answers, but be

Hello all, OpenSSF Office Hours is an initiative to organize regular calls where open source maintainers can come and ask their security-related questions. For that to work we need security experts. T

Hi folks, Scorecard badges launched a few weeks ago and developers have already started interacting with it (yay!). A common feedback we received is - clicking through the badge returns a JSON blob an

All: I wasn't sure id this was already clear, so I'm posting. The main OpenSSF site (openssf.org), under Resources -> Guides, links to this page with a list of guides: https://openssf.org/resources/gu

Hello! OpenSSF Staff are undertaking an effort to provide better data and reporting to our community in a number of different ways. One of these ways is to gauge Working Group and committee participat

$SUBJECT Cheers, CRob Director of Security Communications Intel Product Assurance and Security

All: I believe we've completed the first versions of our two "concise guides": 1. Concise Guide for Developing More Secure Software https://github.com/ossf/wg-best-practices-os-developers/blob/main/do

FYI: The Best Practices Badge project now has over 5,000 participating projects. This makes sense because we've had continuous growth. As of 2022-07-30 there were 4,930; as of 2022-08-30 there were 5,

FYI: Here's another story showing it's possible to plan for & rapidly handle vulnerable dependencies, as outlined in "Concise Guide for Developing More Secure Software". --- David A. Wheeler =========

Team – we will not be meeting on 13September. Many of us will be in Dublin at the OSS-EU conference and participating in OpenSSF day. We will be formally announcing our Concise Guides as part of the c

All: We now have two new final-draft documents produced by the OpenSSF Best Practices Working Group. I propose that we vote for their approval at our next meeting. Details & links below. --- David A.

FYI, here are some statistics for the secure software development fundamentals courses, as of today. --- David A. Wheeler ====================== LFD 121 is on the Linux Foundation T&C platform, and th