Open Source Security Gets a Boost with New Scorecard and Best Practices
1 min read
Sep 14, 2022
There is no shortage of challenges when it comes to securing open source software and no shortage of ideas for how to mitigate risks.
It is the stated mission of the OpenSSF (Open Source Security Foundation) to help improve the state of open source security, and that is precisely what it is doing. The OpenSSF is part of the Linux Foundation and has multiple ongoing efforts across different aspects of the software development lifecycle.
On September 7, 2022 the organization announced the latest iteration of its Scorecards effort, an initiative designed to help open source projects and their users identify the state of security within a project. The updated scorecards come a week after the OpenSSF issued new guidance and best practices on how to secure npm, which is a widely used, and often abused, open source package management system for JavaScript.
Related Articles
1 - 0 min read
How Seccomp Profiles Can Improve Kubernetes Security
1 - 0 min read
Open Source is Not Insecure, Despite Common Misconceptions
1 - 0 min read
Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros
1 - 0 min read
Joomla XSS Bug Puts Millions of Websites at Risk of RCE
