Skip to main content

Register for OpenSSF Community Day Europe

search
Yearly Archives

2025

Jun 25
Love0

An Introduction to the OpenSSF Model Signing (OMS) Specification: Model Signing for Secure and Trusted AI Supply Chains

By Blog, Guest Blog

By Mihai Maruseac (Google), Eoin Wickens (HiddenLayer), Daniel Major (NVIDIA), Martin Sablotny (NVIDIA)

As AI adoption continues to accelerate, so does the need to secure the AI supply chain. Organizations want to be able to verify that the models they build, deploy, or consume are authentic, untampered, and compliant with internal policies and external regulations. From tampered models to poisoned datasets, the risks facing production AI systems are growing — and the industry is responding.

In collaboration with industry partners, the Open Source Security Foundation (OpenSSF)’s AI/ML Working Group recently delivered a model signing solution. Today, we are formalizing the signature format as OpenSSF Model Signing (OMS): a flexible and implementation-agnostic standard for model signing, purpose-built for the unique requirements of AI workflows.

What is Model Signing

Model signing is a cryptographic process that creates a verifiable record of the origin and integrity of machine learning models.  Recipients can verify that a model was published by the expected source, and has not subsequently been tampered with.  

Signing AI artifacts is an essential step in building trust and accountability across the AI supply chain.  For projects that depend on open source foundational models, project teams can verify the models they are building upon are the ones they trust.  Organizations can trace the integrity of models — whether models are developed in-house, shared between teams, or deployed into production.  

Key stakeholders that benefit from model signing:

  • End users gain confidence that the models they are running are legitimate and unmodified.
  • Compliance and governance teams benefit from traceable metadata that supports audits and regulatory reporting.
  • Developers and MLOps teams are equipped to trace issues, improve incident response, and ensure reproducibility across experiments and deployments.

How does Model Signing Work

Model signing uses cryptographic keys to ensure the integrity and authenticity of an AI model. A signing program uses a private key to generate a digital signature for the model. This signature can then be verified by anyone using the corresponding public key. These keys can be generated a-priori, obtained from signing certificates, or generated transparently during the Sigstore signing flow.If verification succeeds, the model is confirmed as untampered and authentic; if it fails, the model may have been altered or is untrusted.

Figure 1:  Model Signing Diagram

How Does OMS Work

OMS Signature Format

OMS is designed to handle the complexity of modern AI systems, supporting any type of model format and models of any size. Instead of treating each file independently, OMS uses a detached OMS Signature Format that can represent multiple related artifacts—such as model weights, configuration files, tokenizers, and datasets—in a single, verifiable unit.

The OMS Signature Format includes: 

  • A list of all files in the bundle, each referenced by its cryptographic hash (e.g., SHA256)
  • An optional annotations section for custom, domain-specific fields (future support coming)
  • A digital signature that covers the entire manifest, ensuring tamper-evidence

The OMS Signature File follows the Sigstore Bundle Format, ensuring maximum compatibility with existing Sigstore (a graduated OpenSSF project) ecosystem tooling.  This detached format allows verification without modifying or repackaging the original content, making it easier to integrate into existing workflows and distribution systems.

OMS is PKI-agnostic, supporting a wide range of signing options, including:

  • Private or enterprise PKI systems
  • Self-signed certificates
  • Bare keys
  • Keyless signing with public or private Sigstore instances 

This flexibility enables organizations to adopt OMS without changing their existing key management or trust models.

Figure 1. OMS Signature Format

Signing and Verifying with OMS

As reference implementations to speed adoption, OMS offers both a command-line interface (CLI) for lightweight operational use and a Python library for deep integration into CI/CD pipelines, automated publishing flows, and model hubs. Other library integrations are planned.

Signing and Verifying with Sigstore

Shell
# install model-signing package
$ pip install model-signing

# signing the model with Sigstore
$ model_signing sign <MODEL_PATH>

# verification if the model is signed with Sigstore
$ model_signing verify \
  <MODEL_PATH> \
  --signature <OMS_SIG_FILE> \
  --identity "<IDENTITY>" \
  --identity_provider "<OIDC_PROVIDER>"

 

Signing and Verifying with PKI Certificates

Shell
# install model-signing package
$ pip install model-signing

# signing the model with a PKI certificate
$ model_signing sign  \
  --certificate_chain  \
  --private_key 

# verification if the model is signed with a PKI certificate
$ model_signing verify \
 <MODEL_PATH> \
  --signature <OMS_SIG_FILE> \
  --certificate_chain <ROOT_CERT>


 

Other examples, including signing using PKCS#11, can be found in the model-signing documentation.

This design enables better interoperability across tools and vendors, reduces manual steps in model validation, and helps establish a consistent trust foundation across the AI lifecycle.

Looking Ahead

The release of OMS marks a major step forward in securing the AI supply chain. By enabling organizations to verify the integrity, provenance, and trustworthiness of machine learning artifacts, OMS lays the foundation for safer, more transparent AI development and deployment.

Backed by broad industry collaboration and designed with real-world workflows in mind, OMS is ready for adoption today. Whether integrating model signing into CI/CD pipelines, enforcing provenance policies, or distributing models at scale, OMS provides the tools and flexibility to meet enterprise needs.

This is just the first step towards a future of secure AI supply chains. The OpenSSF AI/ML Working Group is engaging with the Coalition for Secure AI to incorporate other AI metadata into the OMS Signature Format, such as embedding rich metadata such as training data sources, model version, hardware used, and compliance attributes.  

To get started, explore the OMS specification, try the CLI and library, and join the OpenSSF AI/ML Working Group to help shape the future of trusted AI.

Special thanks to the contributors driving this effort forward, including Laurent Simon, Rich Harang, and the many others at Google, HiddenLayer, NVIDIA, Red Hat, Intel, Meta, IBM, Microsoft, and in the Sigstore, Coalition for Secure AI, and OpenSSF communities.

Mihai Maruseac is a member of the Google Open Source Security Team (GOSST), working on Supply Chain Security for ML. He is a co-lead on a Secure AI Framework (SAIF) workstream from Google. Under OpenSSF, Mihai chairs the AI/ML working group and the model signing project. Mihai is also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team and prior to Google, he worked on adding Differential Privacy to Machine Learning algorithms. Mihai has a PhD in Differential Privacy from UMass Boston.

Eoin Wickens, Director of Threat Intelligence at HiddenLayer, specializes in AI security, threat research, and malware reverse engineering. He has authored numerous articles on AI security, co-authored a book on cyber threat intelligence, and spoken at conferences such as SANS AI Cybersecurity Summit, BSides SF, LABSCON, and 44CON, and delivered the 2024 ACM SCORED opening keynote.

Daniel Major is a Distinguished Security Architect at NVIDIA, where he provides security leadership in areas such as code signing, device PKI, ML deployments and mobile operating systems. Previously, as Principal Security Architect at BlackBerry, he played a key role in leading the mobile phone division’s transition from BlackBerry 10 OS to Android. When not working, Daniel can be found planning his next travel adventure.

Martin Sablotny is a security architect for AI/ML at NVIDIA working on identifying existing gaps in AI security and researching solutions. He received his Ph.D. in computing science from the University of Glasgow in 2023. Before joining NVIDIA, he worked as a security researcher in the German military and conducted research in using AI for security at Google.

Jun 18
Love0

Member Spotlight: Datadog – Powering Open Source Security with Tools, Standards, and Community Leadership

By Blog

Datadog, a leading cloud-scale observability and security platform, joined the Open Source Security Foundation (OpenSSF) as a Premier Member in July, 2024. With both executive leadership and deep technical involvement, Datadog has rapidly become a force in advancing secure open source practices across the industry.

Key Contributions

GuardDog: Open Source Threat Detection

In early 2025, Datadog launched GuardDog, a Python-based open source tool that scans package ecosystems like npm, PyPI, and Go for signs of malicious behavior. GuardDog is backed by a publicly available threat dataset, giving developers and organizations real-time visibility into emerging supply chain risks.

This contribution directly supports OpenSSF’s mission to provide practical tools that harden open source ecosystems against common attack vectors—while promoting transparency and shared defense.

Datadog actively supports the open source security ecosystem through its engineering efforts, tooling contributions, and participation in the OpenSSF community:

  • SBOM Generation and Runtime Insights
    Datadog enhances the usability and value of Software Bills of Materials (SBOMs) through tools and educational content. Their blog, Enhance SBOMs with runtime security context, outlines how they combine SBOM data with runtime intelligence to identify real-world risks and vulnerabilities more effectively.
  • Open Source Tools Supporting SBOM Adoption
    Datadog maintains the SBOM Generator, an open source tool based on CycloneDX, which scans codebases to produce high-quality SBOMs. They also released the datadog-sca-github-action, a GitHub Action that automates SBOM generation and integrates results into the Datadog platform for improved visibility.
  • Sigstore and Software Signing
    As part of the OpenSSF ecosystem, Datadog supports efforts like Sigstore to bring cryptographic signing and verification to the software supply chain. These efforts align with Datadog’s broader commitment to improving software provenance and integrity, especially as part of secure build and deployment practices.
  • OpenSSF Membership
    As a Premier Member of OpenSSF, Datadog collaborates with industry leaders to advance best practices, contribute to strategic initiatives, and help shape the future of secure open source software.

These collaborations demonstrate Datadog’s investment in long-term, community-driven approaches to open source security.

What’s Next

Datadog takes the stage at OpenSSF Community Day North America on Thursday, June 26, 2025, in Denver, CO, co-located with Open Source Summit North America.

They’ll be presenting alongside Intel Labs in the session:

Talk Title: Harnessing In-toto Attestations for Security and Compliance With Next-gen Policies
Time: 3:10–3:30 PM MDT
Location: Bluebird Ballroom 3A
Speakers:

  • Trishank Karthik Kuppusamy, Staff Engineer, Datadog
  • Marcela Melara, Research Scientist, Intel Labs

This session dives into the evolution of the in-toto Attestation Framework, spotlighting new policy standards that make it easier for consumers and auditors to derive meaningful insights from authenticated metadata—such as SBOMs and SLSA Build Provenance. Attendees will see how the latest policy framework bridges gaps in compatibility and usability with a flexible, real-world-ready approach to securing complex software supply chains.

Register now and connect with Datadog, Intel Labs, and fellow open source security leaders in Denver.

Why It Matters

By contributing to secure development frameworks, creating open source tooling, and educating the broader community, Datadog exemplifies what it means to be an OpenSSF Premier Member. Their work is hands-on, standards-driven, and deeply collaborative—helping make open source safer for everyone.

Learn More

Jun 17
Love0

What’s in the SOSS? Podcast #33 – S2E10 Bridging DevOps and Security: Tracy Ragan on the Future of Open Source

By Podcast

Summary

In this episode of What’s in the SOSS, we sit down with longtime open source leader and DevOps champion Tracy Ragan. From her early days with the Eclipse Foundation to her current work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF, Tracy shares her journey through the ever-evolving world of open source security.

We dig into the importance of configuration management, what DevSecOps really means, and how projects like the OpenSSF Scorecard and Ortelius help make our software supply chains more transparent and secure. Plus, we tackle the education gap between security pros and DevOps engineers — and how we can bridge it.

If you’re curious about building more secure pipelines or just want to geek out about SBOMs and OpenSSF Scorecard, this episode is for you.

Conversation Highlights

00:25 – Welcome + Tracy’s Open Source Origin Story
02:00 – Early Days at the Eclipse Foundation
03:10 – DevOps + DevSecOps: Why It Matters
04:20 – Explaining the DevOps “Factory Floor”
06:00 – DevOps Pipelines as Security Data Engines
07:50 – What Is the OpenSSF Scorecard?
09:30 – Ortelius: Aggregating DevOps + Security Insights
11:20 – The DevOps Budget Problem + Exposing Insecure Packages
13:00 – Why DevRel Is Critical for DevOps Security Education
15:40 – Crossing the Divide Between DevOps and Security Teams
16:10 – Rapid Fire: Editors, Mascots & Spicy Food
17:30 – Final Call to Action + How to Get Involved

Transcript

CRob (00:25.07)
Welcome, welcome, welcome to What’s in the SOSS. The OpenSSF podcast where we talk to the amazing people that help make this open source ecosystem for the benefit of everybody. Today we have a real treat: friend of the show Tracy Ragan is here to talk with us about several topics near and dear to her heart. But Tracy before we dive into the exciting technology, can you maybe give us a little bit of information about your open source origin story?

Tracy Ragan
man, which one? When I first started getting involved in open source was the Eclipse Foundation. The Eclipse Foundation was my first foundation in open source and was really the beginning of me understanding what open source was and why it’s important. This was during my Open Mac software days and I think IBM was looking for a woman to be in the room.

To be honest. one of them reached out to me and said, hey, we need somebody technical to add to this board. Would you be interested? And I said, sure. So I went on an honesty of, I always think I was number five or six on the original Eclipse board. I actually even did the help doing the interview and chose Mike as our fearless leader. So I’ve been doing open source for some time, really, and been on these boards for a good part of my career.

CRob
That’s awesome. And it’s like super helpful being able to steer a significant part of the ecosystem through that board membership.

Tracy Ragan (02:07.234)
Yeah, and open source boards are a beast of their own to be quiet on. Because they get so big, and that’s good, but sometimes it can be bad and it can be hard to navigate, but it seems to always work out.

Right.

CRob (02:21.038)
That’s great. So you’ve been doing open source for quite some time and what types of projects are you engaged with more frequently this time right now?

Tracy Ragan
So, you know, I keep my foot in two realms. One foot is in the open source security foundation and the other is in the continuous delivery foundation. I’m a DevOps person. That’s who I am. I have been doing configuration management and whatever you want to call it over the years has gone through so many ridiculous acronyms. But when we really boil it down, it’s still configuration management and getting code from Code to Cloud, let’s just call it that. So I lead an open source project at the Continuous Delivery Foundation called Ortelius, and we’re going to talk a little bit about that. But I also try to keep involved in the open source of the OpenSSF as much as I can. And of course, I get involved in things like the Security Tooling Working Group.

I’m working with Ryan Ware over there too, because that really falls into my area of expertise, right? If it has the word tooling, I’m interested. Because I’m a DevOps person, you know? Is there something I should be adding to my DevOps practice? And then I’ve been involved in DevRel and I’m on the marketing committee and I help lead some of the initiatives at the OpenSSF is working on. But really where my heart is is in between, it sits in between DevOps and open source security. And we can call that DevSecOps if you want, we could all call it DevOSSOps. So that’s what I’ve been working on for the last four years.

CRob (04:21.805)
To go a little bit off script since you opened the door for our audience. Could you maybe explain a little bit more about DevOps and kind of why it’s important for open source communities to have this capability?

Tracy Ragan
So we all have a factory floor that we run. moving code from, if we talk about the software supply chain, let’s just talk about it from that perspective. We are pulling in packages, whether it be an enterprise piece of enterprise code or open source code or something the government’s writing, we pull in these packages, these transitive dependencies that we don’t necessarily understand. We just know we have to have them.

And that’s the way life is. We’ve built this ginormous, I like to call it a Death Star of open source packages and dependencies that we use. We’ve done that over the course of the last 15 years, and we’re not going back. So DevOps, the idea of continuously integrating and continuously deploying code out to end user consumers. We won’t identify what that consumer is. It could be a developer consuming your code, or you could be delivering software to an end user that’s running a mortgage application. When we do that, we have traditionally focused on just being able to execute build and deploy scripts, which is really important.

Gathering the information from the build and deploy scripts is really critical right now in where we are right now in tracking vulnerabilities. Because it shows two things. The build scripts, if we’re doing an SBOM, and please do, shows us the packages we’re consuming. And the deploy script shows where we’re deploying them. So the DevOps, you know, the DevOps pipeline is important, but the data that it generates is critical right now, absolutely critical. So we should all be doing some level of DevOps, but in my mind, we should all be gathering the DevOps information and making it actionable. So we have a lot to do in terms of evolving where we are in the CI, CD world and the continuous delivery foundation and where we believe this kind of technology, how it should evolve.

In my mind right now, we have so many things that we’re working on. AI is chasing us. We have vulnerabilities we’re worrying about. And right now, we haven’t done a whole lot to evolve the DevOps pipeline. So that’s why I talk about it as much as I can. Because that’s where we’re going to find vulnerabilities and fix them. Otherwise, we’re not going to do that.

CRob
Absolutely. And to bridge these two worlds, you recently helped write a blog about our OpenSSF Scorecard, which is a tool that consumers can use to kind of understand the security qualities of software. Could you maybe talk a little bit about your blog and what you were trying to educate folks about?

Tracy Ragan
So we have several really awesome tools at the OpenSSF, one of which is one of the first ones that we came out with. Jamie Thomas kind of spearheaded this called the OpenSSF Scorecard. And what it does is it goes through and it evaluates your repo on certain characteristics.

if I can think about them, dependency management, security configuration, your quality of your code, access control, documentation, if you’re using a CI-CD tool, if you have actions, security practices. And it gives a score for each of those areas to try to define what the… This is the closest we’ll have to compliance in the open source community. Compliance is critical.

Tracy Ragan (08:26.754)
but how do you enforce compliance? But one way is we can evaluate it. So OpenSS Scorecard, I have found to be a very interesting project and as I have pointed out, one of the first of the OpenSSF, which doesn’t mean it was new and it needed extra work. It is about as complete as you can get for doing compliance around open source repos. So…

We at Ortelius, so Ortelius is an open source project incubating at the Continuous Delivery Foundation. We started incubating there before the OpenSSF was formed. And what we do is we gather all that critical DevOps data from the pipeline. Okay, so we like to call us an evidence store. And part of what we gather is the OpenSSF Scorecard.

So if you’re a consumer and you want to know the score of the packages that your application is consuming, Ortelius can provide that information to you. And not only that, what it does is it aggregates. So if you’re working in a decoupled architecture, you’ve got 100 containers that you’re building, and each one of those containers has code, and each one of those containers have an OpenSSF Scorecard, and the packages within them have a scorecard.

We’re aggregating that data up to the logical application level so that you begin seeing what you’re consuming at the time that you consume it. Now there are a lot of tools out there that help manage open source packages. The secure software development framework tells us we should have a repo of the packages that we want to make sure that people are not using and people are the ones that we are approved to be using, but they still need their scorecard. We still need to understand that. And to be quite honest, not every organization out there is using a repo that tracks your open source that you’re using. What can we, you know, the way we looked at the problem was what can we do to, you know, most DevOps engineers don’t have budget.

They have no budget authority. In fact, I’ve seen a t-shirt that says that, no budget authority, right? So what can we do to make open source more secure through open source? Well, OpenSSF scorecard is one of those ways. And one way to see it, because it’s hard to aggregate this information unless you try to dig down to every package and look at their scorecard, is to expose it.

And by exposing it, we are showing people that the packages that they’re consuming, are they trying to be compliant or not? And unfortunately, CRob, most of them are not trying to be compliant yet. And I don’t want to be like, you know, I go to hockey a lot. And one of the things you do at hockey, if you get a penalty, you do shame, shame, shame. But in a way, you know, if you’re looking at Ortelius and you’re seeing all these packages with a zero scorecard value,

We’re kind of exposing it. And I would like to be able to, you know, we could evolve a scorecard to say, you know, let’s highlight the packages that have a seven or a six and above. Because to be quite honest, it’s a test to be able to achieve it. But every single one of those in that test, except for maybe, I think fuzzing can be really, really hard, is totally doable.

And I would encourage any open source community or if you have a package that you’re managing, know, give it a scorecard, go through it. It’s not hard to install. It’s going to start tracking things. But then when you go to have to do all the things that it’s tracking, it’s much more difficult to comply. But we need you to do that at this point in time.

CRob (12:27.64)
So you touched a little bit about your involvement with our DevRel community and it kind of touches into DevOps. Why is DevRel important and how does it help us encourage things like scorecard use?

Well, to be quite honest, I think the person who’s doing the best DevRel right now is Mr. Wheeler with all of his education, right? Education is what we need to do right now. David has done an amazing job of getting his education out on cybersecurity. DevRel has been in OpenSSF for me. It’s been really hard. And one of the reasons is because the tools, this is where I see the disconnect.

The tools that the OpenSSF is creating, and we have created a bunch. There’s SBOM tools. There’s a ton of new open source projects. They need to be consumed by the DevOps professional, because many of them are command line driven. They have to be executed for every workflow, like an SBOM, for example.

But on the flip side, to be quite honest, I talk to DevOps engineers all the time and they haven’t even thought about what it would look like to add a SBOM to the pipeline. We don’t have that big of an adoption of many of the security tools that’s coming out of the OpenSSF and it’s hard to keep track. It’s hard to know what they do. And it’s hard to update DevOps. Jenkins workflows or a CircleCI workflow, whatever tool you’re using, it’s hard to update those workflow files.

Tracy Ragan (14:11.884)
And there’s a lot of them. There’s thousands of them.

So if you’re in a monolithic environment and you want to add an S-bomb to your workflow, that’s fairly easy. But if you’re in a decoupled Kubernetes microservice container environment, you’ve got a lot of work to do to do some simple things like an S-bomb, much less scorecard. So these conversations are really important to the DevOps. We need to educate the DevOps engineer. It’s not necessarily just educating the developer.

We push so much stuff on the developers lap, even though the education that’s coming out of OpenSSF is great. However, we’ve got to do the same thing now for DevOps engineers.

CRob
Absolutely. initiatives like DevRel can help provide that education and give a forum where folks can talk through some of these issues, correct?

Tracy Ragan
Yes, but oftentimes what I have found that in our, in security dev rel, we’re almost, we’re in an echo chamber. So when we talk about security, we get people who are interested in security and they like to talk about SBOMs. It’s probably our favorite thing to do. But the one thing that we’re not doing is getting DevOps engineers to talk about SBOMs and why they’re important.

Tracy Ragan (15:40.524)
So somehow we have to cross the divide and we have to get a handshake between these two organizations. And you know what? It’s not just within the Linux Foundation with the CDF and the OpenSSF. It’s in every single company I have ever spoken to, there is a divide between these two teams.

Tracy Ragan
Well, I look forward to collaborating with you to try to see how we can help adjust that. Let’s move on to the rapid fire part of our interview. Are you ready for rapid rapid fire? Got a couple of wacky questions for you. First off, very contentious. Vi or Emacs.

Yes.

Tracy Ragan (16:12.642)
WRAP

Tracy Ragan (16:24.94)
V.I.

CRob
Excellent. And to be clear, there are no wrong answers. Just some answers are better than others. Like VI.

Tracy Ragan
Yeah, I mean, I wouldn’t even know what to do with anything else except for brief. Remember brief? I used to love brief. wow. Yes.

CRob
Yeah, that’s a blast from the past. Tabs or spaces?

Tracy Ragan
spaces.

CRob (16:51.022)
Very popular answer. What’s your favorite open source mascot?

Tracy Ragan
Well, you know, how could you not love the goose?

CRob
Excellent, and our last question, mild or spicy food?

Tracy Ragan (17:11.937)
You know, when I first moved to New Mexico, I only ate mild food. And now I love spicy. It took me 20 years, but I finally started eating spicy food. So spicy now. That red chili taught me better.

CRob (17:31.49)
Nice. I love green chili. Thank you. And as we wind up for the interview here, do you have a call to action to our audience where they might be able to pick up some of these ideas or participate and collaborate to help move these wonderful projects forward?

Tracy Ragan
You know, I would say if you’re a security professional, to go sit down and talk to a DevOps engineer and really understand how they see the world. And take the time to say, could you show me what it would take to add an SBOM to a single pipeline? And if you’re a DevOps engineer, start taking a look at some of the tooling that’s coming out of the OpenSSF.

The Continuous Delivery Foundation did start a SIG recently called the CI/CD Cybersecurity. And what we’re doing is we’re going through every single, we’re starting with a secure software development framework and we’re going through all the tasks and we’re identifying the task by number that needs to be added to the DevOps workflow. And we’re adding open source tools that you can use to achieve that task. So.

If you’d like to get involved in that as a DevOps engineer and learn more about these things, look up the CD Foundation’s CI/CD Cybersecurity SIG, because it’s becoming an education for all of us to go through that process.

CRob
That sounds amazing. I look forward to checking that out. Tracy, thank you for your time today and thank you for everything you do for developers and DevOps folks and cyber people. We really appreciate all of your contributions to open source and thank you for joining us today.

Tracy Ragan (19:17.08)
Thank you, it’s my pleasure.

CRob
Well, happy open sourcing everybody. That’s a wrap.

Like what you’re hearing? Be sure to subscribe to What’s in the SOSS on Spotify, Apple Podcasts, AntennaPod, Pocket Cast, or wherever you get your podcasts. There’s a lot going on with the OpenSSF and many ways to stay on top of it. Check out the newsletter for open source news, upcoming events, and other happenings. Go to openssf.org/newsletter to subscribe. Connect with us on LinkedIn for the most up-to-date OpenSSF news and insight, and be a part of the OpenSSF community at openssf.org/getinvolved. Thanks for listening, and we’ll talk to you next time on What’s in the SOSS.

Jun 13
Love0

Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership

By Blog, Case Studies

Organization: Open Source Technology Improvement Fund, Inc. (OSTIF)
Contributor: Amir Montazery, Managing Director
Website: ostif.org

Problem

Critical open source software (OSS) projects—especially those that are long-standing and widely adopted—often lack the resources and systematic support needed to regularly review and improve their security posture. Many of these projects are maintained by small teams with limited bandwidth, making it challenging to conduct comprehensive security audits and implement best practices. The risk of undetected vulnerabilities in these projects presents a growing concern for the broader software ecosystem.

Action

To address this gap, OSTIF leverages its OpenSSF membership to conduct rigorous security audits of critical OSS projects. Using a curated process rooted in industry best practices, OSTIF delivers structured security engagements that improve real-world outcomes for maintainers and users alike.

Through active participation in OpenSSF’s Securing Critical Projects working group and Alpha-Omega initiatives since their inception, and through strategic partnership with organizations like Eclipse Foundation, OSTIF receives targeted funding and support to carry out its mission. These collaborations help prioritize high-impact projects and streamline audit administration—despite the inherent complexity of managing funding approvals and coordination. 

It’s pivotal that these important projects receive customized work. Each open source project is unique and so are its security needs, making standardization of audits difficult. OSTIF is able to invest time and expertise in scoping and organizing engagements to be tailored to the project’s best interests, necessities, and budget to generate effective investment in open source security.

OSTIF also incorporates other OpenSSF tools and services such as the OpenSSF Scorecard and the broader Securing Critical Projects Set, which complement its robust audit methodology and offer additional layers of insight into project health. In an ecosystem that is varied and complex, having security resources that can be applied to all projects contextually to generate impactful and sustainable security outcomes is incredibly valuable to all stakeholders, especially OSTIF.

Results

OSTIF’s work has demonstrated the effectiveness of formal security audits in strengthening OSS project resilience. As a member of OpenSSF, OSTIF has been able to expand its reach, increase audit throughput, and reinforce the security practices of some of the open source community’s most essential projects. Since 2021, OSTIF has facilitated numerous engagements funded by OpenSSF. In March of 2025, OSTIF published the results of the audit of RSTUF with OpenSSF’s funding and support. Additionally, 2 more Alpha-Omega funded engagements will be published later this year.

“OSTIF is grateful for the support from OpenSSF, particularly for funding security audits both directly and via Project Alpha-Omega, to help improve the security of critical OSS projects.”
 — Amir Montazery, Managing Director, OSTIF

In addition to the technical improvements achieved through audits, OSTIF’s OpenSSF membership has fostered valuable connections with project maintainers, security experts, and funders—creating a collaborative ecosystem dedicated to open source security. Building a community around security audits is a goal of OSTIFs; by sharing resources and providing a platform for researchers to present audit findings through meetups, their goal is to grow expertise and access to security knowledge of the average open source user. 

Key Benefits

  • Enhanced security posture of widely-used OSS projects.
  • Strategic collaboration with OpenSSF working groups.
  • Access to funding and expert networks.
  • Improved audit administration through community support.

Biggest Challenge

  • Navigating administrative processes and funding approval cycles for new audit projects.
  • Funding multi-year programs and engagements. 

To learn more about OSTIF’s work, visit their 2024 Annual Report. Visit their website at ostif.org or follow them on LinkedIn to stay up to date with audit releases.