OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF)
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
News from Open Source #SecurityCon

New members: Target and Thread AI
Membership upgrade: OSTIF
Golden Egg Awards go to Sarah Evans, Justin Cappos, Patrick Zielinski, Evan Anderson and Brandt Keller 🎉

openssf.org/press-releas...
November 10, 2025 at 2:40 PM
Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies.

📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213

#SBOM #OSSSecurity
November 5, 2025 at 9:44 PM
How can open source maintainers prove their project’s security posture?
💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight.

openssf.org/podcast/2025...

#OpenSSF
November 4, 2025 at 3:10 PM
ICYMI 👻 Attackers are using AI… and it’s spooky.

Great insights from Hugo Huang + Canonical on why securing AI is the next battleground and how open source helps.

Read more 👉 openssf.org/blog/2025/08...

#OpenSSF
October 31, 2025 at 4:38 PM
🚨 Zarf Tech Talk happening next Thursday 2PM ET!

Join experts from Defense Unicorns, Sonatype, and Boeing next week to see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments.

Register: openssf.org/resources/te...
October 30, 2025 at 8:52 PM
🚨 Zarf Tech Talk happening next Thursday 2PM ET!

Join experts from Defense Unicorns, Sonatype, and Boeing next week to see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly, no connection required.

Register: openssf.org/resources/te...
October 30, 2025 at 8:50 PM
Stay informed in the fast-moving world of open source security. The October #OpenSSF Newsletter covers AI security, SBOM evolution, OpenSSF Scorecard improvements, and upcoming events built for developers.

Read the full update: openssf.org/newsletter/2...
October 29, 2025 at 8:26 PM
📣 Our next Tech Talk is around the corner. Hear from experts from Defense Unicorns, Boeing, and Sonatype as they talk about how OpenSSF project #Zarf simplifies software delivery in disconnected or semi-connected environments.
📅 Sign-up now: openssf.org/resources/te...
#openssf
October 27, 2025 at 8:25 PM
The global push for #SBOM standards is reshaping how we approach cybersecurity and transparency. 🌍

Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.

openssf.org/blog/2025/10...
October 22, 2025 at 4:51 PM
💬 “You are not alone. It’s totally OK to ask for help.” — Seth Larson

In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together.

🎧 Listen: openssf.org/podcast/2025...

#OpenSSFCommunity
October 21, 2025 at 1:51 PM
❓What’s new in the #OSPS Baseline?

The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices.

baseline.openssf.org/release_note...
October 17, 2025 at 5:35 PM
💚 #OSS thrives when communities are welcoming and inclusive.

Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF

🎧 www.youtube.com/watch?v=Us_M...
GR-OSS OUT Podcast Episode 15: Stacey Potter - Building Welcoming Communities
YouTube video by GR Open Source Software
October 17, 2025 at 2:24 PM
🚀 Ready to build software securely in the age of AI?
#AI code assistants can boost productivity, but they can also introduce real security risks.

Earn your digital badge in just one hour and write safer, smarter code.
📘 openssf.org/blog/2025/10...
👉 training.linuxfoundation.org/express-lear...
October 16, 2025 at 3:27 PM
42 is the answer to life, the universe… and everything.
For #OpenSSF, it’s the answer to secure AI development.
Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012

🎧 Listen → openssf.org/podcast/2025...

🎓 Enroll → training.linuxfoundation.org/express-lear...
October 16, 2025 at 1:02 PM
🎉 The new #Sigstore Rekor transparency log public dataset is now available on BigQuery!

This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.

🔗 Read: openssf.org/blog/2025/10...
October 15, 2025 at 7:20 PM
Heading to #PyTorchCon 2025? Don’t miss our BoF on Applying DevSecOps Lessons to MLSecOps (Oct 23 | 10:30 AM PDT).

Join Jeff Diecks + Mihai Maruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.

👉 sched.co/27QQG

#OpenSSF #MLSecOps
October 14, 2025 at 8:00 PM
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard.

With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing.

Read to learn more: 🔗 openssf.org/blog/2025/10...
October 10, 2025 at 5:42 PM
Financial services run on open source, and #OpenSSF is helping make it more secure.

At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security

📖 Read the blog: openssf.org/blog/2025/10...
October 9, 2025 at 8:07 PM
Security is no longer optional -- it’s essential.

Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.

Read more 👇
🔗 openssf.org/blog/2025/10...
October 8, 2025 at 7:09 PM
New #podcast episode 🎙️

AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.

Listen → openssf.org/podcast/2025...
October 7, 2025 at 4:11 PM
⏪ On September 24, OpenSSF hosted a Tech Talk with experts on securing the #AI/ML lifecycle. Recording & slides now available: openssf.org/resources/te...

📖 Read the recap: openssf.org/blog/2025/10...

#OSSecurity
October 2, 2025 at 6:59 PM
🎉 The September #OpenSSF Newsletter is live!

CRA + SBOM updates

Golden Egg Awards 🥚

AI/ML security resources

OpenSSF Community Day Europe & India recaps

New podcasts + free courses

openssf.org/newsletter/2...
September 30, 2025 at 3:23 PM
⏳ Join our Securing the AI Lifecycle Tech Talk in 1.5 hours!

We’re bringing together experts from Intel Labs, Google, and Dell Technologies to explore how open source can make AI/ML pipelines more secure.

See you there at 1PM ET!

openssf.org/resources/te...
September 24, 2025 at 3:29 PM
From SPDX to SBOMs to safety-critical systems, Kate Stewart has been shaping the future of secure open source.
In this episode of What’s in the SOSS?, she discusses her journey, Zephyr Project, ELISA Project and what the CRA means for developers and manufacturers.

openssf.org/podcast/2025...
September 23, 2025 at 1:49 PM
Registries like PyPI, Maven Central & crates.io power the ecosystem.

They can’t run on goodwill alone.

OpenSSF endorses the Joint Statement on Sustainable Stewardship.

👉 openssf.org/blog/2025/09...

#PreserveOpenSource
September 23, 2025 at 10:16 AM