
Unlock the Keys to Improved Software Security

May 20, 2024 | Announcements

By David A. Wheeler

This post summarizes key steps that software developers can take to improve software security. It is a text version of a talk given at Open Source Summit North America (OSS NA) 2024.

Software is under attack. Attackers are looking for vulnerabilities to exploit, and today that does not mean only directly exploiting unintentional vulnerabilities in production software. Attackers are also trying to divert software developers to the wrong software via typosquatting and dependency confusion attacks. Attackers are trying to take over developer accounts, and sometimes they even play long cons to try to gain trust and insert malicious code into software as authorized maintainers (as exemplified by the recently-discovered attack on xz). Unfortunately, this includes open source software (OSS): supply chain attacks on OSS are increasing. It’s not just OSS; as the attack on SolarWinds’ Orion software revealed, attackers are also attacking the supply chains of closed source software.

So if you develop software, you must develop and release it to resist attack. You must also take reasonable precautions when bringing in software from the outside (whether or not it’s OSS). The good news is that the Open Source Security Foundation (OpenSSF) has materials to help you do that! In this post I’ll particularly focus on key points from two OpenSSF guides, which then point to other materials:

First, when developing software, here are a few key points:

Read the full post HERE.
