
openssf

openssf open source social engineering attack

"These emails implored OpenJS to take action to update one of its popular JavaScript projects to ‘address any critical vulnerabilities’"

How secure is your package repo? CISA defines four levels of security maturity, starting at zero

"Package managers are at a critical point in the open source ecosystem and have the capability to scale security improvements across open source ecosystems"

Open Source Security Foundation's (OpenSSF) new Malicious Packages Repository

OpenSSF's new Malicious Packages Repository is free to use and available in OSV format.

JPMorgan’s Global CISO urges use of Sigstore, Alpha-Omega in open source security drive

Multinational's Global CISO touts critical work being done by the OpenSSF and tools like its Security Scorecard...

"We have an endemic problem" OpenSSF director warns over secure development

"We're not teaching our developers anything, and so we're getting better software than we deserve."
