OpenSSF stands for Open Source Security Foundation. OpenSSF.org introduces the organization as follows:

The OpenSSF is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. 

Reports

Training

Free Course via LF Training & Certification

  • “Developing Secure Software” (LFD121)

    The “Developing Secure Software” (LFD121) course is available on the Linux Foundation Training & Certification platform. It focuses on the fundamentals of developing secure software. Both the course and certificate of completion are free. It is entirely online, takes about 14-18 hours to complete, and you can go at your own pace. Those who complete the course and pass the final exam will earn a certificate of completion valid for two years.

    I think this free course can be used for training employees at an IT company.

  • Course Content Repository: the course content repository on GitHub

News

Guides

Blog

Members

Many Chinese companies are members of OpenSSF. For example, Huawei, Alibaba Cloud, Tencent, VicOne, WINGTECHER, AMD-Xilinx, ZTE, etc.

On the other hand, Cybozu may be the only Japanese company that is a member? I found the following press release, which indicates that Cybozu has been a member of the OpenSSF since 2022.08.31: "Cybozu Joins OpenSSF (Open Source Security Foundation)"

I hope more Japanese companies can join OpenSSF too.

Summary

OpenSSF is a valuable website for open source security. But I don’t think it's well-known in Japan. I just found out about this site today. I am very interested in the reports I mentioned above, which are "The Open Source Software Security Mobilization Plan" and "The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness".

I hope you can check it out too.