This repository has been archived by the owner on May 26, 2023. It is now read-only.

Announcement Blog Post: Create blog post on openssf.org announcing The Great MFA Project and important details related to it #8

Open
jenniferfernick opened this issue Sep 28, 2021 · 2 comments

Comments

@jenniferfernick

No description provided.

@SecurityCRob
Contributor

Blog Content:
The Open Source Security Foundation (OpenSSF) Developer Best Practices Working Group has undertaken a project to improve the overall security and integrity of critical open source software projects and their supply chains. Dubbed “The Great MFA Distribution Project”, the group hopes to put hardware multi-factor authentication (MFA) tokens into the hands of open source software (OSS) developers and give them simple ways to integrate them into their projects’ daily workflows. These tokens are provided through the generous donation of multi-factor authentication tokens from OpenSSF members GitHub and Google.

Supply chain integrity is more important and prescient than ever. Supply chain attacks have increased at rates that parallel the explosive growth of open source software development techniques and code. The OpenSSF was formed in 2020 from a broad coalition of industry and open source security experts focusing on different aspects of improving the overall quality and security of OSS through deep collaboration with communities. As the foundation grows and evolves, so does the scope of projects the group collaborates on. The OpenSSF’s Great MFA Distribution Project is one of several active projects focused on securing OSS.

Through the use of MFA tokens a developer, contributor, or maintainer on an OSS project can add extra assurance of their identity as they engage with code and tooling within their projects instead of just using a username/password combination. For example, these tokens will eliminate the problem of attackers using stolen passwords to “take over” OSS developer accounts to release subverted source code or packages. This helps improve the trustworthiness of this software for downstream consumers, strengthening the chain of custody and trustworthiness.

The Great MFA Distribution project has begun reaching out to a list of identified critical OSS projects and distribution of tokens will be underway during December. The MFA Distribution project offers no-charge hardware tokens to OSS project developers and maintainers along with simple documentation on how these tools can be integrated into daily development activities. Details on the project can be found in the Great MFA Distribution project repository.

@david-a-wheeler
Contributor

We have a draft post, it's in process to get out. Ideally it would have been posted before we contact the projects, but that didn't happen :-).
