Open source security gets a boost with new scorecard and best practices

by | Sep 8, 2022 | Technology


There is no shortage of challenges when it comes to securing open source software and no shortage of ideas for how to mitigate risks.

It is the stated mission of the OpenSSF (Open Source Security Foundation) to help improve the state of open source security, and that is precisely what it is doing. The OpenSSF is part of the Linux Foundation and has multiple ongoing efforts across different aspects of the software development lifecycle.

On September 7, 2022, the organization announced the latest iteration of its Scorecards effort, an initiative designed to help open source projects and their users assess the state of security within a project. The updated Scorecards come a week after the OpenSSF issued new guidance and best practices on how to secure npm, the widely used, and often abused, open source package manager and registry for JavaScript.

Easier access for open source security scorecards

The OpenSSF has its roots in a predecessor effort from the Linux Foundation, the Core Infrastructure Initiative (CII), which introduced the concept of best practices badges for open source projects in 2015. The badge program became an OpenSSF project in 2020, when the CII was folded into the new foundation, and Scorecards now includes a check for whether a project holds the badge. With Scorecards, anyone can run an automated scan against an open source code repository and get a score from 0 to 10 for each of a set of security checks (branch protection, dependency pinning, signed releases, dangerous CI workflow patterns, and so on) plus an aggregate score for the project. Badges let a project publicly display those results, so users can see at a glance which best practices it follows.
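Because Scorecards emits machine-readable output, the usual way to consume it downstream is a policy gate that blocks a dependency upgrade or a merge when a check falls below an agreed floor. The following is an added example, not code from the article or from the OpenSSF project. It assumes the JSON shape printed by `scorecard --repo=github.com/<org>/<repo> --format=json` (a top-level `score` and a `checks` list of objects with `name`, `score`, `reason` and `details`), that a check score of -1 means the check was inconclusive, and that the thresholds in `POLICY` are one team's choice rather than OpenSSF guidance. The sample report is constructed for illustration and is not a real scan result.

```python
"""Policy gate over OpenSSF Scorecard JSON output (illustrative, not OpenSSF code).

Assumed input shape (matches `scorecard --format=json` output as I know it):
  {"score": <float>, "repo": {...}, "checks": [{"name", "score", "reason", "details"}, ...]}
A check score of -1 is assumed to mean the check could not be evaluated.
"""
import json

# Minimum acceptable score (0-10) per check. Checks not listed here are ignored.
# Example thresholds only; pick your own floors per repository risk tier.
POLICY = {
    "Branch-Protection": 5,
    "Pinned-Dependencies": 7,
    "Dangerous-Workflow": 10,
    "Token-Permissions": 8,
    "Signed-Releases": 5,
}

# Constructed sample report for illustration; not a real Scorecard run.
SAMPLE_JSON = json.dumps({
    "date": "2022-09-07",
    "repo": {"name": "github.com/example/widget", "commit": "0123abcd"},
    "score": 6.1,
    "checks": [
        {"name": "Branch-Protection", "score": 3,
         "reason": "branch protection is not maximal on development and all release branches",
         "details": ["Warn: 'force pushes' enabled on branch 'main'"]},
        {"name": "Pinned-Dependencies", "score": 8,
         "reason": "dependency not pinned by hash detected", "details": None},
        {"name": "Dangerous-Workflow", "score": 10,
         "reason": "no dangerous workflow patterns detected", "details": None},
        {"name": "Token-Permissions", "score": -1,
         "reason": "internal error: no workflows found", "details": None},
        {"name": "Signed-Releases", "score": 0,
         "reason": "0 out of 3 artifacts are signed", "details": None},
        {"name": "Code-Review", "score": 9,
         "reason": "most commits are reviewed", "details": None},
    ],
})


def evaluate(report_json, policy=POLICY, strict=True):
    """Compare a Scorecard JSON report against a policy.

    Returns {"passed": bool, "failed": [...], "inconclusive": [...], "missing": [...]},
    where each list holds (check_name, score, threshold, reason) tuples.
    In strict mode an inconclusive (-1) or absent check counts as a failure:
    "we could not tell" is not evidence that a control is in place.
    """
    report = json.loads(report_json)
    by_name = {c["name"]: c for c in report.get("checks", [])}
    failed, inconclusive, missing = [], [], []
    for name, threshold in policy.items():
        check = by_name.get(name)
        if check is None:
            missing.append((name, None, threshold, "check absent from report"))
            continue
        score, reason = check["score"], check.get("reason", "")
        if score < 0:
            inconclusive.append((name, score, threshold, reason))
        elif score < threshold:
            failed.append((name, score, threshold, reason))
    passed = not failed and (not strict or (not inconclusive and not missing))
    return {"passed": passed, "failed": failed,
            "inconclusive": inconclusive, "missing": missing}


def format_report(result):
    """Render the evaluation as one line per finding plus a final verdict."""
    lines = []
    for tag, entries in (("FAIL", result["failed"]),
                         ("INCONCLUSIVE", result["inconclusive"]),
                         ("MISSING", result["missing"])):
        for name, score, threshold, reason in entries:
            shown = "n/a" if score is None else score
            lines.append(f"{tag:12} {name:22} score={shown} need>={threshold}  {reason}")
    lines.append("verdict: " + ("PASS" if result["passed"] else "BLOCK"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe real output in with: scorecard --repo=... --format=json | python gate.py
    print(format_report(evaluate(SAMPLE_JSON)))
```

The strict default is deliberate: a check that errored out (score -1) or that the report does not contain at all is treated as a block, not a pass, so a broken scan cannot quietly wave a dependency through. Relax it with `strict=False` for advisory-only runs.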
