Just shipped a new newsletter to my GitHub Sponsors! 🎁

This one includes my latest talk, secure publishing research, #Expressjs updates, #OSSF #Scorecard improvements, and a bunch of ecosystem news.

It will be public soon, but you can read it early and support my OSS work here:
https://github.com/sponsors/UlisesGascon

https://github.com/ossf/scorecard-webapp

written in #golang

#ossf #openssf #opensourcesecurityfoundation

🚀 Recent #Lodash updates focus on stronger #CI & #security posture!

✅ CI support expanded (Node 4 → 25)

🌐 New browser tests via #Playwright

📝 Docs now have dedicated CI

🔒 Added #OpenJS #CNA escalation policy

📊 Reporting #OSSF #Scorecard

🧯 New Incident Response Plan (#IRP)

🧠 Threat Model inspired by #Express & #Webpack

More details: https://blog.ulisesgascon.com/the-future-of-lodash

🔒 Stalwart joins GitHub's Open Source Secure Fund! Learn how the program is helping us strengthen our defenses and improve performance at https://stalw.art/blog/github-ossf #GitHub #OSSF #security

I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created, it will be part of the @openssf as I donated the project.

I will continue working on it, so be ready for the next release!

More details about the journey: https://github.com/ossf/scorecard-monitor/issues/79

Yes! I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created, it will be part of the @openssf as I donated the project.

I will continue working on it, so be ready for the next release!

More info: https://github.com/marketplace/actions/openssf-scorecard-monitor

A big positive shout out to the #OSSF https://openssf.org/ for their fantastic guide on compiler security options. If you compile code please read!

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html

#clang #c #compiler #programming

npm Best Practices Guide by #OSSF - #cybersecurity #howto #research #cyberdefense #devsecops https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md#readme

Guide to implementing a coordinated vulnerability disclosure process for open source projects - #openssf #ossf #security #vulnerabilty #cybersecurity https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md#readme

npm Best Practices Guide by #OSSF - #cybersecurity #howto #research #cyberdefense #devsecops https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md#readme

Concise Guide for Developing More Secure Software - #ossf #cybersecurity #softwaredevelopment #guideline #howto #openssf https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Concise-Guide-for-Developing-More-Secure-Software.md#readme