🚩 Keep up to date with @nodejs #security by watching the #Nodejs Security Working Group's last meeting on YouTube!
Topics:
👉 Load permission settings from config files
👉 #Audit build process for #dependencies
👉 Initiative for CII-Best-Practices for Nodejs Projects
👉 Permission Model - Roadmap
👉 Automate #security release process
👉 Assessment against best practices (#OpenSSF Scorecard...)
Open Source Consumption Manifesto released by @openssf https://www.fosslife.org/openssf-creates-manifesto-consumption-open-source-software #OSCM #OpenSSF #OpenSource #guidelines #SoftwareDevelopment #SoftwareSupplyChain #FOSS #vulnerabilities #policy #security
Microsoft have an open job for a Security Program Manager for Open Source.
“Help us solve open source security challenges at scale, both for the company and the world. If you live at the intersection of open source, software engineering, security, and making things happen, please take a look… [It] is US-based, but…up to 100% remote”
https://jobs.careers.microsoft.com/global/en/job/1575779/Senior-Security-Program-Manager
#jobs #sdlc #appsec #opensource #OpenSSF #security #CodeQL
Referenced link: https://hubs.la/Q01RFkcM0
Originally posted by The Linux Foundation / @linuxfoundation@twitter.com: https://twitter.com/linuxfoundation/status/1663631507183812608#m
New from the LF Blog: we sit down with Omkhar Arasaratnam, the new General Manager of OpenSSF.
Read the conversation: https://hubs.la/Q01RFkcM0
#opensource #openssf #security @theopenssf
On 21 March, the "B3 im Dialog" format takes place, initiated by @inoeg via @littledetritus and @bkastl, hosted by @bsi, with @grobmeier and @brianbehlendorf from #OpenSSF, moderated by @mainec
All interested parties are welcome!
https://www.bsi.bund.de/SharedDocs/Termine/DE/2023/B3_im_Dialog_2023.html
Guide to implementing a coordinated vulnerability disclosure process for open source projects - #openssf #ossf #security #vulnerabilty #cybersecurity https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md#readme
Concise Guide for Developing More Secure Software - #ossf #cybersecurity #softwaredevelopment #guideline #howto #openssf https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Developing-More-Secure-Software.md#readme
OpenSSF Day in Vancouver, BC this May (adjacent to the Open Source Summit) has opened its CFP. If you've been involved in something around the OpenSSF, we'd love to see you share your knowledge! https://openssf.org/blog/2023/02/16/openssf-day-at-open-source-summit-north-america-call-for-proposals/ #openssf #opensource #software #security
Notes on #OpenSSF Best Practices:
https://garrit.xyz/posts/2023-02-14-openssf-best-practices
This is post 046 of #100DaysToOffload.
🛡️🐍 @ThePSF is hiring a Security Developer-in-Residence!
"Thanks to the #OpenSSF we are able to hire someone to undertake a year-long security enhancement initiative and make a long-term plan for Python-related security improvements. Read more and please share the job opening:"
https://pyfound.blogspot.com/2023/01/the-psf-is-hiring-security-developer-in.html #Python #security #jobs #hiring
Bonus: removing the JAR from SCM bumped #JReleaser’s score with #OpenSSF scorecard up a notch 😁
Seen at #OSPOlogyLive AMS 🇳🇱 “What about formalizing an #OSPO Supply Chain Security Working Group?” I personally love the idea of kicking off a collaborative #OpenSSF & @todogroup WG to build open knowledge on this important topic 🎉
"In Scorecard we trust"
README posted on the Open Source Security Foundation (OpenSSF) Scorecard project to gauge levels of security in code repos:
https://github.com/readme/guides/software-supply-chain-security
#ReadMe #OpenSSF #GitHub #ScoreCard #CodeSecurity #SupplyChain
Dear valued #developer, please consider having a look at the "#OpenSourceSecurity and the #OpenSSF Best Practices WG" at
https://www.youtube.com/watch?v=bXNcYX42Tr0&list=PLVl2hFL_zAh8pkubIFT-bphM66T6jNxOI&index=3
for #osssecurity and general #securedevelopment / #sdlc
Another #dataset updated for the holidays, I compile #OpenSSF Scorecard data on the top 5,000 most downloaded #Python packages on #PyPI and make it available here:
#dataset #OpenSSF #python #pypi #pythonpackaging
📦 A new dump of #PythonPackaging data right before Christmas! This one has data on over 400K #Python packages and 180K maintainers of those packages.
https://github.com/sethmlarson/pypi-data/releases/tag/2022.12.23
If you've never seen this project, it's a snapshot in time for most packages on #PyPI with data about the package, maintainers, dependencies, URLs, #OpenSSF scorecard data, and more!
Check it out here: https://github.com/sethmlarson/pypi-data
Come share knowledge among #OSPO's at the two day #OSPOlogy Live 🇳🇱 #event 23-24 January in Amsterdam. Focus on Program and signup at https://community.linuxfoundation.org/events/details/lfhq-ospology-european-chapter-presents-ospologylive-share-learn-netherlands/ #OpenSource event hosted at #Alliander and co-organized with #TODOGroup, #LFEnergy, #OpenChain, #SPDX, #CHAOSS #InnersourceCommons and #OpenSSF.