🌈 Social 📸 Photography 🌈

OpenSSFThe <a href="https://social.lfx.dev/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> Memory Safety SIG just released the <a href="https://social.lfx.dev/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#MemorySafety</a> Continuum! Practical steps to tackle memory safety risks and strengthen <a href="https://social.lfx.dev/tags/OSSSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSSSecurity</a> — no matter where you are today. 👉 Read more: https://<a href="https://openssf.org/blog/2025/04/28/announcing-the-release-of-the-memory-safety-continuum/" rel="nofollow noopener" translate="no" target="_blank">https://openssf.org/blog/2025/04/28/announcing-the-release-of-the-memory-safety-continuum/</a>

OpenSSF🔍 How can we better protect open source ecosystems from supply chain attacks? Datadog, an <a href="https://social.lfx.dev/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> member, advances security with <a href="https://social.lfx.dev/tags/GuardDog" class="mention hashtag" rel="nofollow noopener" target="_blank">#GuardDog</a>, an open source tool detecting malicious packages in PyPI & npm while contributing to a public threat dataset. Read the blog: <a href="https://openssf.org/blog/2025/03/28/guarddog-strengthening-open-source-security-against-supply-chain-attacks/" rel="nofollow noopener" translate="no" target="_blank">https://openssf.org/blog/2025/03/28/guarddog-strengthening-open-source-security-against-supply-chain-attacks/</a>

AndiMann"<a href="https://masto.ai/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> Defines Baseline for Securing <a href="https://masto.ai/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://masto.ai/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a>"ICYMI, a new <a href="https://masto.ai/tags/OSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSS</a> project aims to standardize a <a href="https://masto.ai/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> framework for OSS maintainers. Love it! Coz my research has shown breaking down org boundaries has a very strong correlation with <a href="https://masto.ai/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> success!<a href="https://devops.com/openssf-defines-baseline-for-securing-open-source-software/" rel="nofollow noopener" translate="no" target="_blank">https://devops.com/openssf-defines-baseline-for-securing-open-source-software/</a>

OpenSSF🚀 OpenSSF is securing the open source ecosystem! With over 100 members and thousands of contributors, we’re shaping the future of secure software development.📥 Download the Annual Report to see our impact in 2024: <a href="https://hubs.la/Q0318XDQ0" rel="nofollow noopener" translate="no" target="_blank">https://hubs.la/Q0318XDQ0</a> <a href="https://social.lfx.dev/tags/OSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSS</a> <a href="https://social.lfx.dev/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> <a href="https://social.lfx.dev/tags/SoftwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareSecurity</a>

Jan SchaumannExcellent summary by Solar Designer on oss-security of what's happened in the last two weeks in response to the <a href="https://mstdn.social/tags/xz" class="mention hashtag" rel="nofollow noopener" target="_blank">#xz</a> <a href="https://mstdn.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a>:<a href="https://www.openwall.com/lists/oss-security/2024/04/16/5" rel="nofollow noopener" translate="no" target="_blank">https://www.openwall.com/lists/oss-security/2024/04/16/5</a>Noteworthy: - <a href="https://mstdn.social/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSH</a> implemented systemd notification - <a href="https://mstdn.social/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#systemd</a> moves to dlopen(3) for some dependencies - another detailed timeline at <a href="https://research.swtch.com/xz-timeline" rel="nofollow noopener" translate="no" target="_blank">https://research.swtch.com/xz-timeline</a> - similar social engineering takeover attempts suspected in <a href="https://mstdn.social/tags/OpenJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenJS</a> and <a href="https://mstdn.social/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a>

paris :1up:heading to <a href="https://hachyderm.io/tags/openssf" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssf</a> community day as part of <a href="https://hachyderm.io/tags/ossna" class="mention hashtag" rel="nofollow noopener" target="_blank">#ossna</a> <a href="https://hachyderm.io/tags/osssna" class="mention hashtag" rel="nofollow noopener" target="_blank">#osssna</a> summit. come say hi to talk about <a href="https://hachyderm.io/tags/swift" class="mention hashtag" rel="nofollow noopener" target="_blank">#swift</a>, <a href="https://hachyderm.io/tags/pkl" class="mention hashtag" rel="nofollow noopener" target="_blank">#pkl</a>, the cool stuff i’m up to, or <a href="https://hachyderm.io/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> governance today or throughout the week hope to see you 💖

Ed W8EMVOpenSSF scorecard, wow, OMG, <a href="https://hachyderm.io/@Rejekts" class="u-url mention" rel="nofollow noopener" target="_blank">@Rejekts</a> edition<a href="https://hachyderm.io/@justaugustus" class="u-url mention" rel="nofollow noopener" target="_blank">@justaugustus</a> Stephen Augustus, Cisco<a href="https://whois.auggie.dev" rel="nofollow noopener" translate="no" target="_blank">https://whois.auggie.dev</a>"Is the project safe" "Is it maintained" "Is there a security policy" "Are there contributors from multiple organizations" "Is the code good"^^^ quick things, a few minutesharder things:"are there unfixed vulnerabilities"much harder things"is the project doing fuzzing"--- <a href="https://hachyderm.io/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> Scorecard<a href="https://scorecard.dev/" rel="nofollow noopener" translate="no" target="_blank">https://scorecard.dev/</a><a href="https://hachyderm.io/tags/rejekts2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#rejekts2024</a>

heise online (inoffiziell)Sigstore, der kostenlose Software-Signierungsdienst der OpenSSF, gilt nach Erreichen von Version 1.0 als offiziell reif für den produktiven Einsatz. <a href="https://www.heise.de/news/Software-Supply-Chain-Security-Sigstore-ist-einsatzreif-fuer-die-Produktion-7325958.html" rel="nofollow noopener" target="_blank">Software Supply Chain Security: Sigstore ist einsatzreif für die Produktion</a>

heise online (inoffiziell)Insgesamt 800.000 US-Dollar verteilt die OpenSSF an die Open-Source-Organisationen. Das Geld soll in Personal und Ressourcen für Security-Maßnahmen fließen. <a href="https://www.heise.de/news/Open-Source-Security-Finanzspritze-fuer-Eclipse-und-Python-Software-Foundation-7146434.html" rel="nofollow noopener" target="_blank">Open-Source-Security: Finanzspritze für Eclipse und Python Software Foundation</a>

Boiling SteamAWS commits additional $10M to OpenSSF for open source security: <a href="https://aws.amazon.com/blogs/opensource/aws-investing-an-additional-10-million-in-open-source-supply-chain-security/" rel="nofollow noopener" target="_blank">https://aws.amazon.com/blogs/opensource/aws-investing-an-additional-10-million-in-open-source-supply-chain-security/</a> <a href="https://mastodon.cloud/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.cloud/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#foss</a> <a href="https://mastodon.cloud/tags/openssf" class="mention hashtag" rel="nofollow noopener" target="_blank">#openssf</a> <a href="https://mastodon.cloud/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

heise online (inoffiziell)Die OpenSSF hat mit Package Analysis ein Projekt gestartet, das Open-Source-Pakete auf verdächtiges Verhalten untersucht. <a href="https://www.heise.de/news/Open-Source-Tool-spuert-Schadcode-in-Paketen-auf-npm-PyPI-und-Co-auf-7070895.html" rel="nofollow noopener" target="_blank">Open-Source-Tool spürt Schadcode in Paketen auf npm, PyPI und Co auf</a>

heise online (inoffiziell)Die Open Source Security Foundation wählt Node.js als erstes förderwürdiges Projekt im Rahmen der Alpha-Omega-Initiative aus und investiert 300.000 US-Dollar. <a href="https://www.heise.de/news/Finanzspritze-soll-Security-der-JavaScript-Runtime-Node-js-staerken-7060618.html" rel="nofollow noopener" target="_blank">Finanzspritze soll Security der JavaScript-Runtime Node.js stärken</a>

GambaJo<a href="https://social.tchncs.de/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> und <a href="https://social.tchncs.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> finanzieren <a href="https://social.tchncs.de/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a>-Sicherheitskampagne .Das ist ein Dilemma. Einerseits tut eine Geldspritze der Community sicherlich gut. Andererseits haben so Konzerne großen Einfluss drauf, in welche Richtung die Reise geht.<a href="https://social.tchncs.de/tags/OpenSSF" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSSF</a> <a href="https://www.heise.de/news/Google-und-Microsoft-finanzieren-Open-Source-Sicherheitskampagne-6347070.html" rel="nofollow noopener" target="_blank">https://www.heise.de/news/Google-und-Microsoft-finanzieren-Open-Source-Sicherheitskampagne-6347070.html</a>

heise online (inoffiziell)Eine neue Initiative der OpenSSF ist das Ergebnis von Verhandlungen im Weißen Haus. 5 Millionen US-Dollar fließen in den Schutz von Open-Source-Anwendungen. <a href="https://www.heise.de/news/Google-und-Microsoft-finanzieren-Open-Source-Sicherheitskampagne-6347070.html" rel="nofollow noopener" target="_blank">Google und Microsoft finanzieren Open-Source-Sicherheitskampagne</a>

Dr. Roy Schestowitz (罗伊)<a class="hashtag" href="https://pleroma.site/tag/arduino" rel="nofollow noopener" target="_blank">#arduino</a> joins dodgy <a class="hashtag" href="https://pleroma.site/tag/openssf" rel="nofollow noopener" target="_blank">#openssf</a> (controlled by <a class="hashtag" href="https://pleroma.site/tag/microsoft" rel="nofollow noopener" target="_blank">#microsoft</a> 'moles') <a href="http://www.tuxmachines.org/node/143788#comment-26966" rel="nofollow noopener" target="_blank">http://www.tuxmachines.org/node/143788#comment-26966</a> see <a href="http://techrights.org/2020/10/30/openssf-microsoft/" rel="nofollow noopener" target="_blank">http://techrights.org/2020/10/30/openssf-microsoft/</a>

Dr. Roy Schestowitz (罗伊)With <a class="hashtag" href="https://pleroma.site/tag/microsoft" rel="nofollow noopener" target="_blank">#Microsoft</a> in Charge, <a class="hashtag" href="https://pleroma.site/tag/openssf" rel="nofollow noopener" target="_blank">#OpenSSF</a> Seems More Like It’s About <a class="hashtag" href="https://pleroma.site/tag/backdoors" rel="nofollow noopener" target="_blank">#BackDoors</a> — Not Real <a class="hashtag" href="https://pleroma.site/tag/security" rel="nofollow noopener" target="_blank">#Security</a> — Inside the <a class="hashtag" href="https://pleroma.site/tag/linuxfoundation" rel="nofollow noopener" target="_blank">#LinuxFoundation</a> <a href="http://techrights.org/2020/10/30/openssf-microsoft/" rel="nofollow noopener" target="_blank">http://techrights.org/2020/10/30/openssf-microsoft/</a>

Dr. Roy Schestowitz (罗伊)<a class="hashtag" href="https://pleroma.site/tag/openssf" rel="nofollow noopener" target="_blank">#OpenSSF</a> already infiltrated and now headed by <a class="hashtag" href="https://pleroma.site/tag/microsoft" rel="nofollow noopener" target="_blank">#microsoft</a> (the <a class="hashtag" href="https://pleroma.site/tag/nsa" rel="nofollow noopener" target="_blank">#nsa</a> back doors), so <a class="hashtag" href="https://pleroma.site/tag/linuxfoundation" rel="nofollow noopener" target="_blank">#linuxfoundation</a> is a total farce <a href="https://www.techrepublic.com/article/openssf-and-linux-foundation-offer-3-free-courses-on-developing-secure-open-source-software/" rel="nofollow noopener" target="_blank">https://www.techrepublic.com/article/openssf-and-linux-foundation-offer-3-free-courses-on-developing-secure-open-source-software/</a>

Dr. Roy Schestowitz (罗伊)Unfettered Freedom, Ep. 1 - <a class="hashtag" href="https://pleroma.site/tag/linux" rel="nofollow noopener" target="_blank">#Linux</a> 5.8, Linux Libre, <a class="hashtag" href="https://pleroma.site/tag/openssf" rel="nofollow noopener" target="_blank">#OpenSSF</a> , <a class="hashtag" href="https://pleroma.site/tag/libreoffice" rel="nofollow noopener" target="_blank">#LibreOffice</a> , the Fediverse <a href="https://www.youtube.com/watch?v=eWG7FboQj30" rel="nofollow noopener" target="_blank">https://www.youtube.com/watch?v=eWG7FboQj30</a>

Recent searches

Search options

Administered by:

Server stats:

#openssf