#OpenSSF

Securing Your Supply Chain by Building with FRSCA

Explore FRSCA, an OpenSSF project implementing CNCF's Secure Software Factory Reference Architecture to protect against supply chain attacks and enhance build pipeline security.

Add to list

16 Lesons

38 minutes

On-Demand

Free-Video

Simplifying Coordinating Vulnerabilities and Disclosures in Open Source Projects

Learn best practices for handling vulnerability disclosures in open source projects. Discover tools and templates to streamline the process and reduce stress when dealing with security reports from researchers.

Add to list

1 Lesons

45 minutes

On-Demand

Free-Video

SLSA in Action: Securing the Software Supply Chain

Live demonstration of securing software supply chain and achieving SLSA compliance using sample repo. OpenSSF SLSA group showcases tooling developed to meet SLSA 1.0 Build Specification, offering practical insights into implementation.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

Implementing OpenSSF Best Practices Badges and Scorecards for Project Security

Learn to enhance open-source project security using OpenSSF Best Practices Badges and Scorecards. Gain practical tips for implementation and addressing common issues to improve your project's security posture.

Add to list

1 Lesons

53 minutes

On-Demand

Free-Video

Open Source Software Security Mobilization Plan - Press Briefing

Executives announce Open Source Software Security Mobilization Plan, outlining ten investment streams to enhance open source software resilience and security following a summit with industry and government leaders.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

What You Need to Know and Do About Vulnerability Disclosure

Learn about coordinated vulnerability disclosure in open source projects, its importance for security, and implications for maintainers and users.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

Summing Up the OpenSSF Summit - May 2022 Gathering and Action Plan

Experts discuss OpenSSF's May 2022 summit, addressing open source security challenges, government involvement, and future initiatives for enhancing software supply chain resilience.

Add to list

19 Lesons

44 minutes

On-Demand

Free-Video

CNCF [Cloud Native Computing Foundation]

SLSA FRSCA Recipe for Secure Supply Chain

Explore an end-to-end solution for software supply chain security using OpenSSF-FRSCA, integrating tools like Tekton, Sigstore, and Kyverno to meet SLSA Level 3 requirements.

Add to list

1 Lesons

33 minutes

On-Demand

Free-Video

Security Is an Ecosystem - We Can't Be Secure in Isolation

Explore the evolving security landscape and OpenSSF's role in enhancing organizational security posture with industry expert Omkhar Arasaratnam.

Add to list

8 Lesons

16 minutes

On-Demand

Free-Video

Securing Content Distribution with RSTUF, an Incubating OpenSSF Project

Explore RSTUF, an OpenSSF project for securing content distribution. Learn about its implementation, adoption by PyPI and RubyGens, and use in private repositories and Archivista for in-toto attestation storage.

Add to list

1 Lesons

22 minutes

On-Demand

Free-Video

Web Developer Security: Best Practices and Beyond

Explore latest web security developments, technologies, and best practices for developers, including insights from recent workshops and W3C initiatives.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

The Current State of Open Source Security Compliance Tooling Is Well, Sad

Explore practical approaches to improve software supply chain security using OpenSSF projects, open source tools, and open data for automated compliance and robust processes.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

DevConf

Open Source Security: Opportunity or Oxymoron?

Explore open source security challenges, recent initiatives, and best practices for developers and consumers. Gain insights into secure development and supply chain management.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

Beyond Guidelines - Designing and Implementing Robust Build Pipelines

Learn to design and implement secure build pipelines beyond standard guidelines. Explore practical tools and methods to enhance supply chain security and protect against rising attacks.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

Principles for Package Repository Security

Exploring principles for package repository security, including a four-level maturity model. Learn about CISA and OpenSSF's collaborative efforts to enhance open source software security across ecosystems.

Add to list

1 Lesons

38 minutes

On-Demand

Free-Video

What is the OpenSSF? - An Introduction to the Open Source Security Foundation

Explore the OpenSSF's mission, structure, and initiatives to enhance open source software security with insights from Executive Director Brian Behlendorf.

Add to list

1 Lesons

10 minutes

On-Demand

Free-Video

Finding LibRaska: The Open Source Library that Props up our Infrastructure

Explore challenges in identifying and supporting critical, yet obscure open source packages that underpin infrastructure. Learn strategies to enhance security in open source supply chains.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

What is OpenSSF? - Securing Open Source Software Supply Chains

Explore OpenSSF's mission to secure open source supply chains through automated tools, best practices, education, and collaboration.

Add to list

1 Lesons

17 minutes

On-Demand

Free-Video

Improving Global Software Supply Chain Security with Alpha-Omega

Explore the Alpha-Omega Project's framework for enhancing software supply chain security, focusing on critical and long-tail open source projects. Gain insights into this new OpenSSF initiative.

Add to list

1 Lesons

19 minutes

On-Demand

Free-Video

What Makes a Project Critical? Discovering and Evaluating Popular Open Source Software

Discover criteria for evaluating critical open source projects and learn to assess their impact on infrastructure and society.

Add to list

1 Lesons

12 minutes

On-Demand

Free-Video

Driving Security at Scale: Principles for Package Repository Security - Lecture

Explore principles for enhancing package repository security, including a four-level maturity model. Learn about CISA's collaboration with OpenSSF to improve open source ecosystem security at scale.

Add to list

1 Lesons

19 minutes

On-Demand

Free-Video

Born of Hard Times - The Clean Dependency Project is Here to Help

Explore the Clean Dependency Project's proactive approach to OSS vulnerability management and learn how to contribute to this innovative open-source initiative.

Add to list

1 Lesons

14 minutes

On-Demand

Free-Video

Sigstore: 2024 and Beyond

Explore Sigstore's achievements, future roadmap, and vision for securing open source software. Learn about upcoming milestones and opportunities to contribute to this de-facto signing solution.

Add to list

1 Lesons

14 minutes

On-Demand

Free-Video

Deep Dive into the OpenSSF Mobilization Plan

Explore the OpenSSF Mobilization Plan for securing open source supply chains through automated tools, best practices, education, and collaboration.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain

Explore transparent digital signatures with Sigstore to enhance software supply chain security. Learn key techniques for protecting open source ecosystems.

Add to list

1 Lesons

27 minutes

On-Demand

Free-Video

Developer Security Essentials

Learn essential security practices for developers to protect open source software and strengthen supply chains.

Add to list

1 Lesons

25 minutes

On-Demand

Free-Video

Best Practices Make Perfect! How the OSSF is Improving Secure Development Education

Explore OpenSSF initiatives for improving open source security, including Scorecards, Best Practices badge, documentation, and secure software development training.

Add to list

1 Lesons

27 minutes

On-Demand

Free-Video

How's Your Supply Chain with Your Insecure OSS Ingestion?

Explore secure open source software ingestion and supply chain management strategies for enhanced cybersecurity in modern applications and infrastructure.

Add to list

8 Lesons

27 minutes

On-Demand

Free-Video

OSS-SIRT - Identify Core Services 2

Explore essential core services for open source security incident response teams, enhancing your ability to manage and mitigate security threats effectively.

Add to list

1 Lesons

1 hour 1 minute

On-Demand

Free-Video

Every Journey to Securing the Software Supply Chain Starts with a Single Step

Explore NYU's journey in software supply chain security, uncovering challenges, best practices, and a roadmap for enhancing software security.

Add to list

1 Lesons

13 minutes

On-Demand

Free-Video

Build Provenance: Lessons from Homebrew

Explore build provenance for Homebrew package manager, including achievements, challenges, and technical insights. Learn about its architecture and implications for similar ecosystems.

Add to list

1 Lesons

16 minutes

On-Demand

Free-Video

A Beginner's View of Public Instances

Explore OpenSSF's public instances: hosting, scale, security, and usage guidelines. Gain insights into tools for safer software development and protection against attackers.

Add to list

1 Lesons

14 minutes

On-Demand

Free-Video

Presenting the OSTIF Independent Security Audit Impact Report

Explore OSTIF's 2022 security improvements to critical open source projects, funded by OpenSSF. Learn about the initiative's background and key outcomes.

Add to list

1 Lesons

16 minutes

On-Demand

Free-Video

SLSA: A Security Paradigm for Software Supply Chain Integrity

Explore SLSA levels, software supply chain security basics, and tools like Cosign to enhance artifact integrity and benefit your organization.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

Proactive Supply Chain Security with GUAC

Explore GUAC, a tool for proactive software supply chain security. Learn about its features, recent release, roadmap, and how to contribute to this OpenSSF project.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

New Foundations of SBOM Are Underway at OpenSSF

Explore new OpenSSF projects addressing SBOM challenges, including protobom for data handling, sbomit for trust verification, and bomctl for basic operations. Learn about their impact on the SBOM ecosystem.

Add to list

1 Lesons

21 minutes

On-Demand

Free-Video

Securing the Software Supply Chain: An In-Depth Exploration of SLSA

Explore SLSA's impact on software supply chain security, covering fundamentals, trust, transparency, security levels, industry effects, and future trends.

Add to list

1 Lesons

59 minutes

On-Demand

Free-Video

OSV and the Life of an Open Source Vulnerability

Explore OSV's role in simplifying open source vulnerability management throughout the software development lifecycle, from database creation to guided remediation.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

Learn Security with Me - Part 3

Explore cybersecurity fundamentals alongside OpenSSF's Community Manager in this interactive session, gaining practical insights and knowledge.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

Learn Security with Me - Part 2

Explore cybersecurity fundamentals alongside OpenSSF's Community Manager in this interactive session, gaining practical insights and hands-on experience.

Add to list

1 Lesons

33 minutes

On-Demand

Free-Video

Learn Security Basics - Part 1

Explore security fundamentals with OpenSSF's Community Manager as she guides you through the initial stages of a comprehensive training program.

Add to list

12 Lesons

23 minutes

On-Demand

Free-Video

Mobilizing for the Open Source Security Mobilization Plan

Learn how OpenSSF's 10-point plan aims to improve open source software security and discover ways to contribute to this crucial initiative.

Add to list

1 Lesons

22 minutes

On-Demand

Free-Video

Trials, Tribulations and Triumphs - An End User's Perspective on Software Supply Chain Security

Explore enterprise challenges, initiatives, and future vision for open source software supply chain security from an end user perspective. Learn about threat mitigation strategies and collaborative efforts.

Add to list

1 Lesons

31 minutes

On-Demand

Free-Video

Secure Software Supply Chain Framework (S2C2F) Guide - OpenSSF SIG Meeting

Explore secure open source software consumption practices and improve your software supply chain integrity with the S2C2F guide.

Add to list

14 Lesons

48 minutes

On-Demand

Free-Video

DevSecCon

SLSA: Enhancing Software Supply Chain Security - More Than Just a Garnish for Your Pipelines

Explore SLSA principles for securing software supply chains. Learn threat models, security levels, and how to contribute to this OpenSSF project for enhanced DevSecOps processes.

Add to list

1 Lesons

50 minutes

On-Demand

Free-Video

DevSecCon

Securing Software Supply Chains Using the SLSA Framework

Implement SLSA framework to secure software supply chains. Learn practical, vendor-neutral examples for code, build process, provenance, and deployment to create a resilient software development lifecycle.

Add to list

1 Lesons

20 minutes

On-Demand

Free-Video

Conf42

Security Concerns in Every Stage of the Software Supply Chain

Explore security concerns throughout the software supply chain, from development to deployment. Learn strategies to mitigate risks and enhance overall security posture in DevOps practices.

Add to list

21 Lesons

36 minutes

On-Demand

Free-Video

Bridging Business and Open Source - Integrating Innovation and Community Contributions

Explore how Cybertrust Japan bridges open source and business, focusing on MIRACLE LINUX, AlmaLinux contributions, SBOM generation, and security enhancements through OpenSSF activities.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

Improving the Security of a Large Open Source Project One Step at a Time

Explore Node.js security initiatives, from new features to vulnerability management. Learn to apply these insights to your development process and contribute to the Node.js community's security efforts.

Add to list

1 Lesons

48 minutes

On-Demand

Free-Video

How to Serve Open Source Maintainers Without Annoying Them

Discover best practices for reporting bugs to open source maintainers, including coordinated disclosure and effective communication, to improve acceptance rates and reduce friction.

Add to list

1 Lesons

37 minutes

On-Demand

Free-Video

Improving the Security of a Large Open Source Project One Step at a Time

Explore Node.js security initiatives, learn from real-world vulnerabilities, and discover how to contribute to the project's safety. Gain insights to enhance your own development process and ecosystem security.

Add to list

1 Lesons

47 minutes

On-Demand

Free-Video

Devoxx

AI Showdown - The Good, The Glitchy, and The Risky

Evaluating top AI frameworks for CI/CD integration, focusing on accuracy, security, coding practices, and compliance with emerging standards and legislation.

Add to list

1 Lesons

55 minutes

On-Demand

Free-Video

Trojan Model Hubs: Hacking the ML Supply Chain and Defending Against Model Serialization Attacks

Discover essential strategies for protecting ML systems from supply chain attacks, focusing on model scanning and cryptographic signing to defend against Model Serialization Attacks in public model hubs.

Add to list

1 Lesons

27 minutes

On-Demand

Free-Video

Solving Air-Gap Problems the Cloud Native Way with Zarf

Discover how to streamline Kubernetes deployments in air-gapped environments using Zarf, enabling efficient packaging and deployment of workloads while maintaining supply chain visibility through automated SBOM creation.

Add to list

1 Lesons

25 minutes

On-Demand

Free-Video

Meeting the OpenSSF Security Baseline with Minder

Discover how Minder platform helps monitor and ensure OpenSSF Security Baseline compliance across repositories, with practical demonstrations of automated security posture management.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

The Current State of Software Bill of Materials (SBOMs) for End Users

Explore the challenges and opportunities of Software Bill of Materials (SBOMs), examining current implementation issues, regulatory requirements, and emerging solutions through OpenSSF projects like Protobom and bomctl.

Add to list

1 Lesons

29 minutes

On-Demand

Free-Video

Cloud Security Alliance

Trojan Model Hubs - Hacking the ML Supply Chain and Defending Against Security Threats

Discover essential security strategies for ML model hubs, focusing on detecting Model Serialization Attacks and implementing cryptographic signing to protect against compromised artifacts and system vulnerabilities.

Add to list

1 Lesons

26 minutes

On-Demand

Free-Video

Secure Coding Guide for Python

Learn secure coding practices for Python, focusing on CWE framework-based advice and executable examples to enhance open source project security and developer skills.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

Protecting Kubernetes Resource Manifests in End-to-End Software Development Lifecycle

Secure Kubernetes manifests throughout the software development lifecycle. Learn about integrity protection, signing techniques, and end-to-end supply chain security.

Add to list

13 Lesons

14 minutes

On-Demand

Free-Video

Better Build Pipelines with OpenSSF Projects - Enhancing Trust and Security

Enhance build pipeline security using OpenSSF projects: cosign, SBOMs, and SLSA. Demonstrate kpack for container image building on Kubernetes, integrating signed images and SBOM generation.

Add to list

1 Lesons

14 minutes

On-Demand

Free-Video

The Journey of the Node.js Permission Model

Explore the creation of Node.js Permission Model, uncovering motivations, challenges, and solutions. Gain insights into this experimental security feature and its impact on the ecosystem.

Add to list

1 Lesons

15 minutes

On-Demand

Free-Video

Embrace the Differences: Securing Open Source Ecosystems Where They Are

Explore efforts to fix the libwebp vulnerability in Python packages, examining interactions between security standards and open source ecosystems.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

Compiler Options Hardening for C and C++

Explore compiler options to enhance C/C++ program security. Learn about memory-safety issues, mitigation techniques, and the OpenSSF Compiler Options Hardening Guide for informed decision-making.

Add to list

1 Lesons

17 minutes

On-Demand

Free-Video

SBOMs Everywhere - Work in Progress and Challenges Ahead

Explore the progress and challenges of Software Bill of Materials (SBOMs) implementation across industries with insights from a leading expert in dependable embedded systems.

Add to list

1 Lesons

19 minutes

On-Demand

Free-Video

Securing Open Source Supply Chains: Challenges and Solutions

Explore the importance of securing open source supply chains through automation, best practices, education, and collaboration in data centers and consumer applications.

Add to list

1 Lesons

21 minutes

On-Demand

Free-Video

What's New in the World of SBOMs?

Explore recent developments in Software Bill of Materials (SBOMs) with industry experts, discussing advancements, challenges, and best practices in software supply chain security.

Add to list

1 Lesons

29 minutes

On-Demand

Free-Video

We Make Python Safer Than Ever

Explore efforts to enhance Python's security, including PyPI audits, improved practices, and community involvement. Learn about challenges, progress, and future plans for a safer ecosystem.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

PyCon US

Making Python Safer Than Ever

Explore Python ecosystem security improvements, best practices for library maintainers and users, and PSF's efforts to enhance safety in the open-source supply chain.

Add to list

1 Lesons

29 minutes

On-Demand

Free-Video

EuroPython Conference

Best Practices for Securely Consuming Open Source in Python

Explore secure open-source consumption in Python using the S2C2F framework. Learn practical strategies for dependency management, artifact handling, and automated security updates.

Add to list

1 Lesons

33 minutes

On-Demand

Free-Video

Analysis of and Lessons from the Xz-Utils Vulnerability - What Might Come Next

Delve into the technical analysis of the xz-utils vulnerability incident, exploring the combined attack techniques, social engineering aspects, and future implications for open-source software security.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

Helping the PyTorch Community Improve the Security Posture of this Popular AI Framework

Discover how to enhance PyTorch's security through OpenSSF Best Practices, dependency management, and proactive measures for safer AI framework implementation and neural network development.

Add to list

1 Lesons

41 minutes

On-Demand

Free-Video

C/C++ Compiler Options Best Practices - February 15, 2023

Explore best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

C/C++ Compiler Options Best Practices - March 29, 2023

Discover best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

PyCon US

Making Python Safer Than Ever

Explore Python ecosystem security efforts, best practices for library maintainers and users, and PSF's initiatives to enhance safety in the open-source supply chain.

Add to list

1 Lesons

30 minutes

On-Demand

Free-Video

Developing a Secure, Open Future

Explore OpenSSF's initiatives to enhance open source security through developer-focused tools, documentation, and expert guidance for improved coding practices and supply chain security.

Add to list

1 Lesons

42 minutes

On-Demand

Free-Video

OSS Supply Chain Threats and Why You Need a Holistic Security Strategy

Analyze 13 real-world threats to open source components and learn how to mitigate risks using the OpenSSF's Secure Supply Chain Consumption Framework for a holistic security strategy.

Add to list

1 Lesons

51 minutes

On-Demand

Free-Video

C/C++ Compiler Options Best Practices

Discover best practices for C/C++ compiler options to enhance code security and performance. Gain insights into optimizing your compilation process.

Add to list

1 Lesons

1 hour 3 minutes

On-Demand

Free-Video

C/C++ Compiler Options Best Practices - March 15, 2023

Explore best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

1 hour 1 minute

On-Demand

Free-Video

C/C++ Compiler Options Best Practices - March 1, 2023

Explore best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

1 hour 1 minute

On-Demand

Free-Video

C/C++ Compiler Options Best Practices

Explore best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

1 hour 12 minutes

On-Demand

Free-Video

C/C++ Compiler Options Best Practices

Explore best practices for C/C++ compiler options to enhance code security and performance. Learn optimization techniques and defensive programming strategies.

Add to list

1 Lesons

1 hour 3 minutes

On-Demand

Free-Video

CNCF [Cloud Native Computing Foundation]

Secure by Design CI/CD: Practical Insights for Pipeline Security

Discover practical strategies for securing CI/CD pipelines through real-world insights from Adobe and Autodesk, featuring reference architectures, security controls, and implementation of CNOE stacks for cloud-native excellence.

Add to list

1 Lesons

43 minutes

On-Demand

Free-Video

LF Networking

Efficiently Delivering Open Source Code with OpenSSF Gold-Standard Quality Measurements Using Groovy-Spock

Discover how to achieve OpenSSF Gold Standard certification using Groovy-Spock framework for efficient unit testing and quality assurance in open source software development.

Add to list

14 Lesons

52 minutes

On-Demand

Free-Video

Forging the Future of a More Secure AI - How CoSAI Intends to Help