Join Sonatype's Brian Fox, Ilkka Turunen, and OpenSSF's Christopher "CRob" Robinson for a live discussion exploring the risks of over-reliance on #CVEs and how to build a resilient, diversified security strategy.
📅 April 22 | 🕘 9:00 AM ET
Open source projects are adapting to CRA requirements—and the journey is already underway.
Civil Infrastructure Platform, Zephyr, and Yocto are setting examples.
The latest blog from the Linux Foundation shares how security best practices are being built in.
🔗 https://www.linuxfoundation.org/blog/pathways-to-cybersecurity-best-practices-in-open-source-how-three-linux-foundation-projects-are-leading-the-way-in-cra-compliance
#OpenSource #Cybersecurity #CRA #LinuxFoundation
@Sempf about 25xp
How many XP do I get toward being an old technomancer for realizing that I just trimmed a rogue hair in my beard with wirecutters?
Out of beta and in full release
https://medium.com/pragmatic-programmers/business-success-with-open-source-f3de286aac2b
by VM (Vicky) Brasseur, a leading expert on open source strategy, helping businesses navigate transformation, reduce risk, revealing how FOSS can be a powerful strategic asset, not just a technical concern.
🔐 #OpenSSF is sponsoring #VulnCon 2025, happening April 7-10 at the McKimmon Center in Raleigh, NC!
Join the community! Virtual admission through April 4: https://www.first.org/conference/vulncon2025/
My job is just alternating between "I have no new talks and everyone will soon forget who I am and what I do" and "Oh god I have agreed to do too many talks. How am I going to write all of this?" until the heat death of the universe.
The worst part about going to a conference is the way my todo list expands afterwards.
@sternecker much love as you embark on your new adventure, my friend
@torgo in celebration we shall hold a waffle party for you!
@megazone yum
2024 was a big year for #GUAC. Read the highlights in the year-in-review post: https://guac.sh/blog/2025-01-31-2024_in_review/
@bagder @QuincePie This is all very valid and valuable feedback, thank you Daniel. There is value in the project thinking more about the value proposition for Maintainers and Consumers, since these groups have very different perspectives and needs. Like everything with a score, the value is in the eyes of the individual doing the assessment, and providing viewers context around how that score was derived and why it is included in the evaluation is needed for that "grain of salt" to round out the story.
🎧 CRob and Michael Winser discuss #AlphaOmega’s work improving open source security on the latest What’s in the SOSS? Podcast. From building trust to tackling vulnerabilities, this episode is packed with insights.
📖 CRA 101: In Part 1, we gave an overview of the Cyber Resilience Act & OpenSSF’s current activities. In Part 2, we dive into the three-year implementation timeline and what's next.
Read the blog: https://openssf.org/blog/2024/12/11/understanding-the-cra-openssfs-role-in-the-cyber-resilience-act-implementation-part-2/
🔊 In Ep. #22 of What’s in the SOSS?, CRob talks with Tara Tarakiyee from the Sovereign Tech Agency on funding critical #opensource projects and breaking the cycle of reactive security. 🎙️
Soooo…. I guess I’ll start my weekend early today.