Join us

ContentUpdates from The Open Source Security Foundation (OpenSSF) is a...
 Activity
derynleigh
@derynleigh started using tool OWASP Dependency-Check , 2 weeks, 6 days ago.
 Activity
derynleigh
@derynleigh started using tool Amazon S3 , 2 weeks, 6 days ago.
 Activity
derynleigh
@derynleigh started using tool Amazon ELB , 2 weeks, 6 days ago.
 Activity
derynleigh
@derynleigh started using tool Amazon EC2 , 2 weeks, 6 days ago.
 Activity
derynleigh
@derynleigh started using tool Amazon Cloudfront , 2 weeks, 6 days ago.
 Activity
derynleigh
@derynleigh started using tool Akamai , 2 weeks, 6 days ago.
Story
laura_garcia
@laura_garcia shared a post, 2 weeks, 6 days ago
Software Developer, RELIANOID

🔐 RELIANOID & NIST Cybersecurity Framework Alignment

At RELIANOID, security is built into both our Load Balancer and our internal operations. We align our product and organizational practices with the NIST Cybersecurity Framework (CSF) across its five core functions: Identify, Protect, Detect, Respond, and Recover. ✔️ Consistent security controls acro..

NIST Cybersecurity Framework RELIANOID compliance
440 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Link
varbear
@varbear shared a link, 2 weeks, 6 days ago
FAUN.dev()

Goodbye Microservices

Twilio Segment collapsed 140+ destination-specific microservices into asingle monolith, one repo, one set of dependencies, one test harness. They leveled out version sprawl and builtTraffic Recorder, a homegrown yakbak-based HTTP playback tool. That killed off hours-long test runs, dropping them to.. read more  

Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Link
varbear
@varbear shared a link, 2 weeks, 6 days ago
FAUN.dev()

Why I Didn’t Sign the Resonant Computing Manifesto: The Foundations Need Work

A sharp critique of theResonant Computing Manifestopushes it past vague ideals. It calls for real governance scaffolding, not just poetic prose. Without that? The manifesto risks becoming just another glossy PDF for entrenched players to wave around while changing nothing. Under the hood:What’s real.. read more  

Why I Didn’t Sign the Resonant Computing Manifesto: The Foundations Need Work
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Link
varbear
@varbear shared a link, 2 weeks, 6 days ago
FAUN.dev()

Rust unit testing: file writing

To test file writes without hitting the disk, the author swaps in a closure that takes a file handle. That handle’s a test double, so after the code runs, you can crack it open and inspect what got written... read more  

Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
The Open Source Security Foundation (OpenSSF) is an industry-backed foundation focused on strengthening the security of the global open source software ecosystem. It brings together major technology companies, cloud providers, open source communities, and security experts to address systemic security challenges that affect how software is built, distributed, and consumed.

OpenSSF was launched in 2021 and operates under the Linux Foundation, combining efforts from earlier initiatives such as the Core Infrastructure Initiative (CII) and industry-led supply chain security programs. Its mission is to make open source software more trustworthy, resilient, and secure by default, without placing unrealistic burdens on maintainers.

The foundation works across several key areas:

- Supply chain security: Developing frameworks, best practices, and tools to secure the software lifecycle from source to deployment. This includes stewardship of projects like sigstore and leadership on SLSA (Supply-chain Levels for Software Artifacts).

- Security tooling: Supporting and incubating open source tools that help developers detect, prevent, and remediate vulnerabilities at scale.

- Vulnerability management: Improving how vulnerabilities are discovered, disclosed, scored, and fixed across open source projects.

- Education and best practices: Publishing guidance, training, and maturity models such as the OpenSSF Best Practices Badge Program, which helps projects assess and improve their security posture.

- Metrics and research: Advancing data-driven approaches to understanding open source security risks and ecosystem health.

OpenSSF operates through working groups and special interest groups (SIGs) that focus on specific problem areas like securing builds, improving dependency management, or automating provenance generation. This structure allows practitioners to collaborate on concrete, actionable solutions rather than high-level policy alone.

By aligning maintainers, enterprises, and security teams, OpenSSF plays a central role in reducing large-scale risks such as dependency confusion, compromised build systems, and malicious package injection. Its work underpins many modern DevSecOps and cloud-native security practices and is increasingly referenced by governments and enterprises as a baseline for secure software development.