| CARVIEW |
Select Language
HTTP/2 301
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: max-age=3600
content-security-policy: default-src 'none'; script-src 'nonce-62696a4c48' 'strict-dynamic';script-src-elem 'self' 'nonce-62696a4c48' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
expires: Fri, 26 Dec 2025 05:47:38 GMT
location: https://openssf.org/case-studies/
permissions-policy: browsing-topics=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe3-a-779bbcb77d-gsmqf
x-permitted-cross-domain-policies: none
x-redirect-by: WordPress
x-styx-req-id: 0148bdf8-e216-11f0-8279-126e1b8b63dc
x-xss-protection: 1; mode=block
age: 0
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 26 Dec 2025 04:47:39 GMT
x-served-by: cache-chi-kigq8000175-CHI, cache-bom-vanm7210095-BOM, cache-bom-vanm7210054-BOM, cache-bom-vanm7210054-BOM
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-timer: S1766724459.600165,VS0,VE599
vary: Cookie, Cookie
content-length: 0
HTTP/2 200
access-control-allow-headers: Content-Type, Authorization
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=43200, stale-while-revalidate=86400, stale-if-error=604800
content-encoding: gzip
content-security-policy: default-src 'none'; script-src 'nonce-d892ca40f4' 'strict-dynamic';script-src-elem 'self' 'nonce-d892ca40f4' *.hsforms.net *.hs-scripts.com *.googletagmanager.com *.google.com *.osano.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.facebook.net js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com api.schedule.zoominfo.com *.buzzsprout.com snap.licdn.com *.google-analytics.com *.hs-analytics.net *.usemessages.com googleads.g.doubleclick.net js-agent.newrelic.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.9.0/slick.js;style-src 'unsafe-inline' 'self' *.fontawesome.com fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.osano.com https://cdn.jsdelivr.net/jquery.slick/1.3.15/slick.css; object-src 'self' *.osano.com; base-uri 'self'; connect-src 'self' api-gw.platform.linuxfoundation.org js.zi-scripts.com *.hsforms.com *.hscollectedforms.net analytics.google.com *.google-analytics.com *.hubspot.com *.doubleclick.net *.hubapi.com *.linkedin.com *.osano.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com api.schedule.zoominfo.com *.googleadservices.com www.googletagmanager.com *.google.com js-agent.newrelic.com; font-src 'self' data: *.fontawesome.com fonts.gstatic.com; frame-src 'self' *.osano.com *.hsforms.com *.youtube.com *.google.com *.openssf.org *.landscape2.io *.buzzsprout.com aorta.clickagy.com hemsync.clickagy.com *.doubleclick.net zoom-lfx.platform.linuxfoundation.org; img-src 'self' data: *.buzzsprout.com *.hsforms.com *.hubspot.com *.hubspot.net *.linkedin.com *.ads.linkedin.com secure.gravatar.com *.w.org *.google.com *.google-analytics.com *.facebook.com *.linuxfoundation.org https://googletagmanager.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.amazonaws.com;manifest-src 'self'; media-src 'self'; worker-src blob: *.osano.com; frame-ancestors 'self'; form-action 'self' *.hsforms.com;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none; report-to='default'
cross-origin-embedder-policy-report-only: unsafe-none; report-to='default'
cross-origin-opener-policy: unsafe-none
cross-origin-opener-policy-report-only: unsafe-none; report-to='default'
cross-origin-resource-policy: cross-origin
link: ; rel="alternate"; title="JSON"; type="application/json"
link: ; rel=shortlink
permissions-policy: browsing-topics=(), accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-security-policy: default-src 'self'; img-src *; media-src * data:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe3-b-576d655bff-rgncp
x-permitted-cross-domain-policies: none
x-styx-req-id: ca77b0ee-e1d8-11f0-82ad-f6df14fdaf4a
x-tec-api-origin: https://openssf.org
x-tec-api-root: https://openssf.org/wp-json/tribe/events/v1/
x-tec-api-version: v1
x-xss-protection: 1; mode=block
age: 26291
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
date: Fri, 26 Dec 2025 04:47:39 GMT
x-served-by: cache-chi-klot8100069-CHI, cache-bom-vanm7210062-BOM, cache-bom-vanm7210054-BOM, cache-bom-vanm7210054-BOM
x-cache: HIT, MISS, MISS, MISS
x-cache-hits: 8, 0, 0, 0
x-timer: S1766724459.213309,VS0,VE272
vary: Accept-Encoding, Cookie, Cookie
content-length: 28101
Case Studies – Open Source Security Foundation
Case Studies
Aug 14, 2025
Case Study: How LFX Insights and OSPS Baseline Validated GUAC’s Security in Under an Hour
Tools: GUAC, OSPS Baseline, LFX Insights Challenge: Demonstrating strong security posture quickly and credibly to stakeholders Solution: Leveraging Linux Foundation Insights (LFX Insights) and the Open Source Security Foundation (OpenSSF) Open Source Project Security Baseline (OSPS Baseline) for instant, standards-aligned validation Result: Saved significant time in verifying security practices, completing… Read more.
Jul 23, 2025
Case Study: Google Secures Machine Learning Models with sigstore
As machine learning (ML) evolves at lightning speed, so do the threats. The rise of large models like LLMs has accelerated innovation—but also introduced serious vulnerabilities. Data poisoning, model tampering, and unverifiable origins are not theoretical—they’re real risks that impact the entire ML supply chain. Read more.
Jun 13, 2025
Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership
Organization: Open Source Technology Improvement Fund, Inc. (OSTIF) Contributor: Amir Montazery, Managing Director Website: ostif.org Problem Critical open source software (OSS) projects—especially those that are long-standing and widely adopted—often lack the resources and systematic support needed to regularly review and improve their security posture. Many of these projects are maintained… Read more.
May 15, 2025
Case Study: Ericsson’s C/C++ Compiler Options Hardening Guide and OpenSSF Collaboration
Ericsson, a global leader in telecommunications and networking, has been deeply engaged in open source and software security for over a decade. Through its Open Source Program Office (OSPO), Ericsson coordinates its participation across multiple foundations and initiatives, including the Open Source Security Foundation (OpenSSF). This case study highlights Ericsson's… Read more.
Oct 24, 2024
Case Study: Kusari’s Implementation of OpenSSF Tools and Services
Challenge For many years, the software supply chain has suffered from a lack of transparency and inefficient, unsustainable security management methods such as spreadsheets, emails, and word of mouth. The severity of these challenges was highlighted during incidents like Log4Shell, where the limitations of these approaches became evident — organizations… Read more.
Aug 27, 2024
Innovative Supply Chain Security for Enterprise Cloud Platform Service
This blog explores how Guidewire Cloud Platform is using and collaborating with GUAC. Read more.
Jun 4, 2024
OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok
Stacklok was founded in 2023 by Craig McLuckie (co-creator of Kubernetes) and Luke Hinds (creator of the OpenSSF project Sigstore), with the goal of helping developers produce and consume open source software more safely. Read more.
May 24, 2024
Introducing Artifact Attestations—Now in Public Beta
There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100 million developers building on GitHub, we want to ensure that developers have the tools needed to help… Read more.
Mar 25, 2024
How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio
Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your… Read more.
Feb 16, 2024
Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing
In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify container images. Read more.
“Microsoft worked with partners to establish the OpenSSF to ensure the open source communities we collectively build, support, and depend upon have the best tools, infrastructure, and experience to be as secure as possible. We are proud to continue investing in that mission’s success.
Mark RussinovichAzure CTO and Technical Fellow at Microsoft
“As a longstanding member of the open source community, Intel strongly supports organizations like OpenSSF that inspire and enable the creation of more innovative solutions that secure the open source software we all depend on. Our contributions, along with other members of the open source ecosystem, help OpenSSF continue to break down barriers of security for all.
Arun GuptaVice President and General Manager for Open Ecosystem at Intel Corporation and OpenSSF Governing Board Chair
“NYU Tandon is working with OpenSSF to improve open source security. OpenSSF's mission of securing the software supply chain is one of the key security issues of our time. We are proud to help the OpenSSF shape a more secure future, while training the next generation of cybersecurity professionals.
Justin CapposAssociate Professor, Tandon Computer Science and Engineering Department at New York University
“Open source software security is a top priority for AWS. That’s why we are deeply invested in multiple initiatives, including OpenSSF, to provide open source communities with the financial support, expertise, and resources they need to enhance the security of the software that we all rely on.
Mark RylandDirector, Amazon Security at Amazon Web Services (AWS)
“The OpenSSF plays a vital role in strengthening the security posture of open source software by bringing together open source developers and the industry to jointly create tools and methods for secure open source software development. Ericsson is a proud and committed supporter of the OpenSSF’s mission.
Per BemingHead of Standard and Industry Initiatives, Ericsson
“OpenSSF’s support, collaboration, and resources enable us to move forward confidently, ensuring that our innovations not only push boundaries but also uphold strong security standards. As a contributing OpenSSF member, we reinforce Intel’s dedication to advancing open source software security and creating trusted open solutions for the future.
Katherine DruckmanOpen Source Security Evangelist, Intel Corporation
We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.
Get Involved
Subscribe to the OpenSSF Newsletter!
Get the latest announcements, event info, and the community news in your inbox
Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.