Tag: Open Source Security Foundation (OpenSSF)

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
News

Similar to the recently discovered intrusion targeting the open-source XZ Utils project, security experts have discovered a "credible" takeover attempt targeting the OpenJS Foundation. In a joint notice, the OpenJS Foundation and the Open Source Security Foundation (OpenSSF) stated that "the OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails." Without giving any details, the emails pushed OpenJS to upgrade one of its well-known JavaScript projects to fix serious vulnerabilities, according to Omkhar Arasaratnam, general manager at OpenSSF, and Robin Bender Ginn, executive director of the OpenJS Foundation.
CISA and OpenSSF Release Framework for Package Repository Security
News

A new framework for securing package repositories will be published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group. The framework, known as the Principles for Package Repository Security, aims to further harden open-source software ecosystems by laying out a set of fundamental guidelines for package administrators. According to OpenSSF, package repositories play a crucial role in the open-source ecosystem by assisting in the mitigation or prevention of such attacks. Even small steps can yield robust security gains.