The Open Source Security Foundation (OpenSSF) has published its annual report for 2024. The Foundation’s work focuses on developing security tools, training developers, and lobbying, particularly in the United States and Europe.
OpenSSF now has 126 members from 15 countries, including AWS, Google, Intel, Microsoft, and Red Hat. A total of 2,239 contributors from the community helped in working groups or in developing security tools. 62,618 projects use the Sigstore tool, 12,000 participants attended foundation courses, and 7,500 projects, such as Kubernetes, the Linux kernel, and Node.js, follow best practices published by OpenSSF.
Free Training and Open Source Tools
Many developers will be particularly interested in the free courses and learning materials as well as the OpenSSF tools. One free offering is the online introductory course Developing Secure Software (LFD121), which attracted 8,000 participants this year. Guides are also publicly available, for example Secure Principles for Package Repository Security, Using Regular Expressions Correctly for Secure Input Validation, or the Compiler Option Hardening Guide for C and C++. Another document on Python is being prepared. OpenSSF charges fees for other parts of the training program.
The report lists Sigstore and Scorecard as the most important among the 14 tools under the foundation. Sigstore, the key and certificate manager completed in 2022, secures software components as well as the manufacturing and supply chain process. For this purpose, OpenSSF operates its own trust center. The Scorecard project is used to record metrics in the security area. New tools added to the sandbox this year are Protobom, BomCTR, and Minder, software for managing bills of materials or the supply chain.
Another function of OpenSSF is to identify and list system-critical open source software and to advise the projects involved. Additionally, it creates security scores for 500,000 projects every month.
The Foundation wants to increase its commitment to artificial intelligence in the future: “As AI becomes more widespread, I look forward to seeing how OpenSSF will use AI and open source to make AI more secure and improve security,” Arun Gupta, chair of the governing board, writes in the report.
The annual report can be downloaded for free as a PDF from the Foundation's website.
