Just shipped a new newsletter to my GitHub Sponsors! 🎁

This one includes my latest talk, secure publishing research, #Expressjs updates, #OSSF #Scorecard improvements, and a bunch of ecosystem news.

It will be public soon, but you can read it early and support my OSS work here:
https://github.com/sponsors/UlisesGascon

ossf/scorecard-webapp

Website and API for OpenSSF Scorecard.

🚀 Recent #Lodash updates focus on stronger #CI & #security posture!

✅ CI support expanded (Node 4 → 25)

🌐 New browser tests via #Playwright

📝 Docs now have dedicated CI

🔒 Added #OpenJS #CNA escalation policy

📊 Reporting #OSSF #Scorecard

🧯 New Incident Response Plan (#IRP)

🧠 Threat Model inspired by #Express & #Webpack

More details: https://blog.ulisesgascon.com/the-future-of-lodash

The Future of Lodash

Lodash begins a new stage with a more collaborative and sustainable model. This post outlines the plan to simplify its maintenance, strengthen security, and ensure its key role in the JavaScript ecosystem for the coming years.

🔒 Stalwart joins GitHub's Open Source Secure Fund! Learn how the program is helping us strengthen our defenses and improve performance at https://stalw.art/blog/github-ossf #GitHub #OSSF #security
Stalwart Joins GitHub's Open Source Secure Fund | Stalwart Labs

We're excited to announce that Stalwart has been selected to participate in Session 2 of GitHub's Open Source Secure Fund (OSSF), a prestigious program designed to enhance security across the open source ecosystem. This recognition represents not only an acknowledgment of Stalwart's growing importance in the email infrastructure space but also our commitment to maintaining the highest security standards.

I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created will be part of the @openssf, as I donated the project.

I will continue working on it, so be ready for the next release!

More details about the journey: https://github.com/ossf/scorecard-monitor/issues/79

BREAKING NEWS: The scorecard Monitor is part of the OSSF Organization! 🥳 · Issue #79 · ossf/scorecard-monitor

TL;DR: I am very glad to announce that this repository is now part of the OSSF Organization, so the Scorecard Visualizer is now an official tool in the OSSF Scorecard ecosystem. 🎊 🎊 Important Detai...


Yes! I am very proud to announce that the #OSSF #Scorecard Monitor tool that I created will be part of the @openssf, as I donated the project.

I will continue working on it, so be ready for the next release!

More info: https://github.com/marketplace/actions/openssf-scorecard-monitor

OpenSSF Scorecard Monitor - GitHub Marketplace

Monitor OpenSSF Scorecard evolution over time


A big positive shout-out to the #OSSF https://openssf.org/ for their fantastic guide on compiler security options. If you compile code, please read!

https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html

#clang #c #compiler #programming


package-manager-best-practices/npm.md at main · ossf/package-manager-best-practices

Collection of security best practices for package managers. - package-manager-best-practices/npm.md at main · ossf/package-manager-best-practices

Guide to implementing a coordinated vulnerability disclosure process for open source projects - #openssf #ossf #security #vulnerability #cybersecurity https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md#readme
oss-vulnerability-guide/maintainer-guide.md at main · ossf/oss-vulnerability-guide

A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disclosure notifications. - oss-vulnerability-guide/maintainer-g...
