OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF)
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
“Open source provides inputs, not regulated products.” 🧩

Madalin explains why #CRA upstream self-attestation risks shifting responsibility to maintainers, and why automation, machine-readable metadata, and downstream accountability scale better.

Read the blog: openssf.org/blog/2026/01...
January 21, 2026 at 4:31 PM
🎉 OpenSSF’s 2026 Themes are here, and so is Honk’s 2026 Vision Board, inspired by our new blog post that outlines the community roadmap for securing the future of open source!

Read the blog & see how themes align with our 2026 priorities: openssf.org/blog/2026/01...

#OSSSecurity
January 15, 2026 at 9:33 PM
🚨 CFP is open for #OpenSSFCommunity Day North America, and we want to hear from YOU!!

This is a community conference focused on sharing what’s working, what’s hard, and what others can learn.

🗓️ CFP closes: February 15

👉 Submit your proposal: events.linuxfoundation.org/openssf-comm...
Call For Proposals (CFP) | LF Events
OpenSSF Community Days bring together a vibrant community from across the Security and Open Source ecosystems to share ideas and progress on capabilities that make it easier to sustainably secure the…
January 15, 2026 at 5:29 PM
ICYMI: The latest What’s in the SOSS? #podcast celebrates OpenSSF’s 5-year anniversary and recaps a huge year for open source security.

🎧 Listen here: openssf.org/podcast/2025...
January 13, 2026 at 2:35 PM
Conference badges can mean more than a name 🎟️

Madalin shares what it has meant to represent the Open Source Security Foundation and The Linux Foundation across Europe 🌍 from #opensource events to policy rooms and standards discussions.

Read the story: openssf.org/blog/2026/01...

#OSSSecurity
January 9, 2026 at 3:03 PM
🔍 VEX promises clarity in vulnerability management, but adoption is still uneven.

This #OpenSSF community paper looks at:
• What’s working (and what isn’t)
• CSAF vs OpenVEX vs SPDX vs CycloneDX
• Tooling gaps, trust, and regulation
...and more.

🔗: openssf.org/blog/2026/01...
January 8, 2026 at 8:45 PM
👀 Everyone’s talking about the #OSPSBaseline.

This new blog serves as a "Resource Hub" where you can learn what it is, see it in action, and understand how open source projects can improve security over time.

📎 Read: openssf.org/blog/2026/01...
January 7, 2026 at 9:07 PM
📖 Part 2 of this blog series shares practical tips for using #AI in software development, avoiding “vibe coding,” & strengthening security through human review & intent.

Take a clear look at where AI helps, where it doesn’t, & what comes next: openssf.org/blog/2026/01...
January 5, 2026 at 9:55 PM
🎙️ "What's in the SOSS?" Podcast Season Finale is live!

Join co-hosts CRob & Yesenia for a special season finale celebrating OpenSSF’s 5th anniversary, & a look back at a truly transformative year for open source security. 🛡️

🎧 Listen: openssf.org/podcast/2025...

#OSSSecurity
December 30, 2025 at 6:15 PM
💻 AI is now the norm in software development, but security hasn’t caught up.

This blog explains:
• Why productivity is driving #AI adoption
• Where AI-generated code creates real security risk
• What developers need to watch out for

Read Part 1:
openssf.org/blog/2025/12...
December 29, 2025 at 7:57 PM
🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?...
Inside the bomctl Project: Bridging SBOM Generation & Analysis | OpenSSF Project Spotlight
December 22, 2025 at 9:33 PM
OpenSSF-funded improvements to sigstore’s rekor-monitor are making transparency logs easier to monitor for malicious package releases and identity misuse.

Great work by Trail of Bits, with support from sigstore maintainers Hayden Blauzvern and Mihai Maruseac.

openssf.org/blog/2025/12...
December 19, 2025 at 6:19 PM
As 2025 comes to a close, we’re grateful for the people behind open source security.

Thank you for your collaboration, commitment, and community spirit.

📘 Explore the 2025 OpenSSF Annual Report: openssf.org/download-the...

Happy Holidays from the #OpenSSFCommunity.
December 19, 2025 at 5:24 PM
The December 2025 #OpenSSF Newsletter is live 🎉

Featuring the 2025 Annual Report, free education courses, new podcast episodes, project updates, and upcoming events across the open source security community.

Read it here 👉 openssf.org/newsletter/2...
December 18, 2025 at 3:54 PM
🛡️ #gittuf brings supply chain security to the source itself, applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.

🎥 : youtu.be/bQ-GHyHJcbc?...
Inside the gittuf Project: Platform-Agnostic Git Security | OpenSSF Project Spotlight
December 17, 2025 at 9:33 PM
🎙️ New episode of What’s in the SOSS is live!

Justin Cappos from @nyutandon.bsky.social joins #OpenSSF to talk about software supply chain security education, open source collaboration, and preparing students for real world security work.

🎧 Listen here: openssf.org/podcast/2025...
December 16, 2025 at 2:46 PM
When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

🎥 youtu.be/uDT0xes5ico?...
GUAC: Mapping Software Relationships for Supply Chain Security | OpenSSF Project Spotlight
December 15, 2025 at 9:28 PM
💡 This week’s OpenSSF Project Spotlight explores the Model Signing project with Mihai. Learn how verified model signatures help trainers & developers ensure their models haven’t been altered, and why lightweight, flexible signing beats container-bound approaches.

👀 youtu.be/P1AE23uZQ50?...

#AIML
Inside the OpenSSF Model Signing Project: Securing the ML Supply Chain | OpenSSF Project Spotlight
December 12, 2025 at 9:00 PM
💡 Read the final post of the From Beginner to Builder blog series, where we highlight free courses that help contributors build confidence across AI/ML #security, policy & compliance, ethics, inclusion, community leadership, and more!

Read now: openssf.org/blog/2025/12...
December 12, 2025 at 8:29 PM
🎉 We’re excited to share our 2025 Annual Report, highlighting the milestones & collective achievements that shaped this year. Read the blog for a first glimpse into the stories, challenges, and quiet breakthroughs behind the numbers.

📘 Blog: openssf.org/blog/2025/12...

#OpenSSF #2025Wrapped
December 11, 2025 at 9:54 PM
💡 How can developers work with SBOMs without worrying about formats, parsers, or complex tooling?

⚙️ Puerco introduces #Protobom, a universal I/O layer for SBOM data that lets you read and write any SBOM format through a single, unified abstraction.

Learn more: youtu.be/YhdRE6IdUuw?...
Protobom Project Explained: A Unified Protocol Buffers Model for SBOMs | OpenSSF Project Spotlight
December 8, 2025 at 9:00 PM
🇰🇷 #OpenSSFCommunity Day Korea took place this November in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.

💬 If you missed the event, don’t miss the full recap: openssf.org/blog/2025/12...
December 5, 2025 at 6:39 PM
🌟 Security Insights: A New OpenSSF Project Highlight

Eddie Knight explains Security Insights, an OpenSSF specification that assists projects in publishing important security statistics in an organized, machine-readable way.

Watch the video: youtu.be/kWpncbcqscc?...

#OpenSSF
Security Insights: Machine-Readable Security Metadata for Open Source | OpenSSF Project Spotlight
December 4, 2025 at 4:17 PM
#CyberWeek is LIVE! ⚡

Hear from David A. Wheeler on why now is the best time to build your security skills. From Dec 1–9, get Linux Foundation Education's biggest course savings!

Your future self will thank you.

➡️ training.linuxfoundation.org/cyber-week-2...

➡️ openssf.org/training/
December 3, 2025 at 3:35 PM
New What’s in the SOSS episode with Jay White from Microsoft. We talk AI, model signing, supply chain security, and why community collaboration matters.

Listen here: openssf.org/podcast/2025...

#OpenSSF
December 2, 2025 at 2:47 PM