Ulises Gascon · @ulisesgascon
14 followers · 22 posts · Server fosstodon.org

🚩 Keep up to date with @nodejs by watching the Security Working Group's last meeting on YouTube!

Topics:
👉 Load permission settings from config files
👉 build process for
👉 Initiative for CII-Best-Practices for Nodejs Projects
👉 Permission Model - Roadmap
👉 Automate release process
👉 Assessment against best practices ( Scorecard...)

youtube.com/watch?v=IygHE0xCz6

#security #nodejs #audit #dependencies #OpenSSF

Last updated 1 year ago

aegilops :github::microsoft: · @aegilops
146 followers · 560 posts · Server fosstodon.org

Microsoft :microsoft: have an open job for a Security Program Manager for Open Source.

“Help us solve open source security challenges at scale, both for the company and the world. If you live at the intersection of open source, software engineering, security, and making things happen, please take a look… [It] is US-based, but…up to 100% remote”

jobs.careers.microsoft.com/glo

#jobs #sdlc #appsec #opensource #OpenSSF #security #CodeQL

Last updated 1 year ago

· @twitter
1 followers · 56474 posts · Server mstdn.skullb0x.io

Referenced link: hubs.la/Q01RFkcM0
Originally posted by The Linux Foundation / @linuxfoundation@twitter.com: twitter.com/linuxfoundation/st

New from the LF Blog: we sit down with Omkhar Arasaratnam, the new General Manager of OpenSSF.

Read the conversation: hubs.la/Q01RFkcM0
@theopenssf

#opensource #OpenSSF #security

Last updated 1 year ago

Lars Bartsch · @kunde_x
169 followers · 1858 posts · Server social.tchncs.de

On 21 March the "B3 im Dialog" event takes place, initiated by @inoeg via @littledetritus and @bkastl, hosted by @bsi - with @grobmeier and @brianbehlendorf of the moderated by @mainec

Everyone interested is welcome!

bsi.bund.de/SharedDocs/Termine

#foss #b3 #DiCySi #OpenSSF

Last updated 2 years ago

Lars Bartsch · @kunde_x
166 followers · 1836 posts · Server social.tchncs.de

On 21 March the "B3 im Dialog" event takes place, initiated by @inoeg via @littledetritus and @bkastl, hosted by @bsi - with @grobmeier and Brian Behlendorf of the moderated by @mainec

Everyone interested is welcome!

bsi.bund.de/SharedDocs/Termine

#foss #b3 #DiCySi #OpenSSF

Last updated 2 years ago

@wraith I am extremely cynical about the for the reasons the author lists.

The solution, I think, is better tooling for consumers to mitigate vulnerabilities in vivo. While upstream may appreciate patches, it should not fall upon their shoulders to address

#OpenSSF

Last updated 2 years ago

Sven Ruppert · @svenruppert
399 followers · 169 posts · Server mastodon.social

Guide to implementing a coordinated vulnerability disclosure process for open source projects - github.com/ossf/oss-vulnerabil

#OpenSSF #ossf #security #vulnerabilty #cybersecurity

Last updated 2 years ago

benny Vasquez · @benny
85 followers · 34 posts · Server social.linux.pizza

OpenSSF Day in Vancouver, BC this May (adjacent to the Open Source Summit) has opened its CFP. If you've been involved in something around the OpenSSF, we'd love to see you share your knowledge! openssf.org/blog/2023/02/16/op

#OpenSSF #opensource #software #security

Last updated 2 years ago

hugovk · @hugovk
405 followers · 294 posts · Server mastodon.social

🛡️🐍 @ThePSF is hiring a Security Developer-in-Residence!

"Thanks to the we are able to hire someone to undertake a year-long security enhancement initiative and make a long-term plan for Python-related security improvements. Read more and please share the job opening:"

pyfound.blogspot.com/2023/01/t

#OpenSSF #python #security #jobs #hiring

Last updated 2 years ago

Andres Almiray · @aalmiray
626 followers · 234 posts · Server mastodon.social

Bonus: removing the JAR from SCM bumped ’s score with scorecard up a notch 😁

#jreleaser #OpenSSF

Last updated 2 years ago

Ana Jimenez · @anajsana
41 followers · 27 posts · Server fosstodon.org

Seen at AMS 🇳🇱 “What about formalizing an Supply Chain Security Working Group?” I personally love the idea of kicking off a collaborative & @todogroup WG to build open knowledge on this important topic 🎉

#ospologylive #OSPO #OpenSSF

Last updated 2 years ago

aegilops :github::microsoft: · @aegilops
94 followers · 315 posts · Server fosstodon.org

"In Scorecard we trust"

:github: README posted on the Open Source Security Foundation (OpenSSF) Scorecard project to gauge levels of security in code repos:

github.com/readme/guides/softw

#readme #OpenSSF #github #scorecard #codesecurity #supplychain

Last updated 2 years ago

Seth Michael Larson · @sethmlarson
649 followers · 313 posts · Server fosstodon.org

New article: "urllib3 in 2022"

2022 was a great year for , and it's time to celebrate! We received over $26,000 in financial support, shipped the first pre-release of v2.0, and improved our security posture with tools and .

👉 sethmlarson.dev/urllib3-in-202

#urllib3 #OpenSSF #SLSA

Last updated 2 years ago

Seth Michael Larson · @sethmlarson
610 followers · 250 posts · Server fosstodon.org

Another updated for the holidays, I compile Scorecard data on the top 5,000 most downloaded packages on and make it available here:

github.com/sethmlarson/pypi-sc

#dataset #OpenSSF #python #pypi #pythonpackaging

Last updated 2 years ago

Seth Michael Larson · @sethmlarson
596 followers · 239 posts · Server fosstodon.org

:python:📦 A new dump of data right before Christmas! This one has data on over 400K packages and 180K maintainers of those packages.

github.com/sethmlarson/pypi-da

If you've never seen this project, it's a snapshot in time for most packages on with data about the package, maintainers, dependencies, URLs, scorecard data, and more!

Check it out here: github.com/sethmlarson/pypi-da

#pythonpackaging #python #pypi #OpenSSF

Last updated 2 years ago
