🚩 Keep up to date with @nodejs #security by watching the #Nodejs Security Working Group's last meeting on YouTube!

Topics:
👉 Load permission settings from config files
👉 #Audit build process for #dependencies
👉 Initiative for CII-Best-Practices for Nodejs Projects
👉 Permission Model - Roadmap
👉 Automate #security release process
👉 Assessment against best practices (#OpenSSF Scorecard...)

https://www.youtube.com/watch?v=IygHE0xCz6Q

Open Source Consumption Manifesto released by @openssf https://www.fosslife.org/openssf-creates-manifesto-consumption-open-source-software #OSCM #OpenSSF #OpenSource #guidelines #SoftwareDevelopment #SoftwareSupplyChain #FOSS #vulnerabilities #policy #security

Microsoft :microsoft: have an open job for a Security Program Manager for Open Source.

“Help us solve open source security challenges at scale, both for the company and the world. If you live at the intersection of open source, software engineering, security, and making things happen, please take a look… [It] is US-based, but…up to 100% remote”

https://jobs.careers.microsoft.com/global/en/job/1575779/Senior-Security-Program-Manager

#jobs #SDLC #AppSec #OpenSource #OpenSSF #Security #CodeQL

Referenced link: https://hubs.la/Q01RFkcM0
Originally posted by The Linux Foundation / @linuxfoundation@twitter.com: https://twitter.com/linuxfoundation/status/1663631507183812608#m

New from the LF Blog: we sit down with Omkhar Arasaratnam, the new General Manager of OpenSSF.

Read the conversation: https://hubs.la/Q01RFkcM0
#opensource #openssf #security @theopenssf

Am 21.03. findet das Format „B3 im Dialog“ statt, initiiert vom @inoeg via @littledetritus und @bkastl , gehosted vom @bsi - mit @grobmeier und @brianbehlendorf vom #OpenSSF moderiert von @mainec

Alle Interessenten willkommen!

https://www.bsi.bund.de/SharedDocs/Termine/DE/2023/B3_im_Dialog_2023.html

#DiCySi #B3 #foss

Am 21.03. findet das Format „B3 im Dialog“ statt, initiiert vom @inoeg via @littledetritus und @bkastl , gehosted vom @bsi - mit @grobmeier und Brian Behlendorf vom #OpenSSF moderiert von @mainec

Alle Interessenten willkommen!

https://www.bsi.bund.de/SharedDocs/Termine/DE/2023/B3_im_Dialog_2023.html

#DiCySi #B3 #foss

@wraith I am extremely cynical about the #OpenSSF for the reasons the author lists.

The solution, I think, is better tooling for consumers to mitigate vulnerabilities in vivo. while upstream may appreciate patches, it should not fall upon their shoulders to address

Guide to implementing a coordinated vulnerability disclosure process for open source projects - #openssf #ossf #security #vulnerabilty #cybersecurity https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md#readme

Concise Guide for Developing More Secure Software - #ossf #cybersecurity #softwaredevelopment #guideline #howto #openssf https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Developing-More-Secure-Software.md#readme

OpenSSF Day in Vancouver, BC this May (adjacent to the Open Source Summit) has opened its CFP. If you've been involved in something around the OpenSSF, we'd love to see you share your knowledge! https://openssf.org/blog/2023/02/16/openssf-day-at-open-source-summit-north-america-call-for-proposals/ #openssf #opensource #software #security

Notes on #OpenSSF Best Practices:

https://garrit.xyz/posts/2023-02-14-openssf-best-practices

This is post 046 of #100DaysToOffload.

🛡️🐍 @ThePSF is hiring a Security Developer-in-Residence!

"Thanks to the #OpenSSF we are able to hire someone to undertake a year-long security enhancement initiative and make a long-term plan for Python-related security improvements. Read more and please share the job opening:"

https://pyfound.blogspot.com/2023/01/the-psf-is-hiring-security-developer-in.html #Python #security #jobs #hiring

Bonus: removing the JAR from SCM bumped #JReleaser’s score with #OpenSSF scorecard up a notch 😁

Seen at #OSPOlogyLive AMS 🇳🇱 “What about formalizing an #OSPO Supply Chain Security Working Group?” I personally love the idea of kicking off a collaborative #OpenSSF & @todogroup WG to build open knowledge on this important topic 🎉

"In Scorecard we trust"

:github: README posted on the Open Source Security Foundation (OoenSSF) Scorecard project to gauge levels of security in code repos:

https://github.com/readme/guides/software-supply-chain-security

#ReadMe #OpenSSF #GitHub #ScoreCard #CodeSecurity #SupplyChain

New article: "urllib3 in 2022"

2022 was a great year for #urllib3, and it's time to celebrate! We received over $26,000 in financial support, shipped the first pre-release of v2.0, and improved our security posture with #OpenSSF tools and #SLSA.

👉 https://sethmlarson.dev/urllib3-in-2022

Dear valued #developer, please consider to have a look at the "#OpenSourceSecurity and the #OpenSSF Best Practices WG" at
https://www.youtube.com/watch?v=bXNcYX42Tr0&list=PLVl2hFL_zAh8pkubIFT-bphM66T6jNxOI&index=3
for #osssecurity and general #securedevelopment / #sdlc

Another #dataset updated for the holidays, I compile #OpenSSF Scorecard data on the top 5,000 most downloaded #Python packages on #PyPI and make it available here:

https://github.com/sethmlarson/pypi-scorecards

#PythonPackaging

:python:📦 A new dump of #PythonPackaging data right before Christmas! This one has data on over 400K #Python packages and 180K maintainers of those packages.

https://github.com/sethmlarson/pypi-data/releases/tag/2022.12.23

If you've never seen this project, it's a snapshot in time for most packages on #PyPI with data about the package, maintainers, dependencies, URLs, #OpenSSF scorecard data, and more!

Check it out here: https://github.com/sethmlarson/pypi-data

Come share knowledge among #OSPO's at the two day #OSPOlogy Live 🇳🇱 #event 23-24 January in Amsterdam. Focus on Program and signup at https://community.linuxfoundation.org/events/details/lfhq-ospology-european-chapter-presents-ospologylive-share-learn-netherlands/ #OpenSource event hosted at #Alliander and co-organized with #TODOGroup, #LFEnergy, #OpenChain, #SPDX, #CHAOSS #InnersourceCommons and #OpenSSF.