Report a Security Vulnerability
Find the latest guidance on how to report vulnerabilities to LF projects and foundations, or with respect to Linux Foundation infrastructure (as a whole), or the main LF website.
Avoiding Social Engineering Takeovers
Read the alert for social engineering takeovers of open source projects to better recognize emerging threat patterns.
Discover the Linux Foundation projects and resources that accelerate open source software security
Alpha-Omega’s mission is to catalyze sustainable security improvements to the world’s most critical open source projects and ecosystem by funding highly-leveraged, shovel-ready security work.
(Cloud Audits +)
Protecting data in use by performing computation in a hardware-based, attested Trusted Execution Environment, increasing the security assurances for organizations that manage sensitive and regulated data.
(Secure Data in Use)
The Linux Kernel has a policy to fix known bugs as soon as possible and get releases out to users quickly. The project is a CVE Numbering Authority (CNA).
Learners from around the world gain marketable open source skills as well as sought-after, verifiable certifications, including in the important area of security.
(Skills)
LF Events are the meeting place of choice for open source maintainers, developers, architects, and leaders. Discover upcoming events with a security focus, including CloudNativeSecurityCon, and SOSS.
(Community)
Linux Foundation Research publishes empirical insights into open source trends and readiness across industries and within technology domains, including reports specific to supply chain security.
(Open Content)
LFX provides a clear view into security for project stakeholders through automated scans and fix recommendations, enabling developers to identify and resolve vulnerabilities quickly.
(Contextual Project Security Data)
OpenChain provides security assurance programs, process management standards, reference material, a focused community and international partners to build a trusted software supply chain. It is the home of ISO/IEC 5230 and ISO/IEC 18974.
(Security Assurance Standards)
OpenSSF makes it easier to securely and sustainably develop, maintain, and consume the open source software we all depend on by fostering collaboration, defining best practices, and developing innovative solutions.
(Multi-Stakeholder Security)
The Post-Quantum Cryptography Alliance develops and advances the adoption of cryptographic solutions resistant to quantum attacks, ensuring the security and integrity of communications and data in this post-quantum era.
(Quantum Security)
A freely available international open standard for Software Bill of Materials (SBOMs), communicating release information such as name, version, components, licenses, copyrights, superset profiles, and security references.
(Software Bill of Materials)
Explore industry-focused projects requiring specialized security standards and practices for regulatory compliance
FINOS accelerate innovation in financial services through open source, standards, and data. To enable open collaboration in this highly regulated industry, FINOS provides an Open Source Readiness training/certification and ongoing security scanning for its projects.
The security of the global power grid is of the utmost importance. LF Energy provides resources to ensure open source tools for interoperability and reliability of power grids and energy systems generally are built securely.
LF Networking projects provide the building blocks for modern communications networks. Securely developing these projects to prevent serious security breaches is an important measure for hardening the critical infrastructure globally.
