Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.
NYU professor Justin Cappos joins the OpenSSF podcast to discuss why software supply chain security is missing from most university curricula -- and how hands-on, open source-first education can change that.
Whether you're just getting started with open source security or want to deepen your knowledge, these free courses from Linux Foundation Education and OpenSSF offer valuable, self-paced learning paths. Each is available online and designed to help contributors understand both the technical and community aspects of secure open source development.
As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open source community!
OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.
Jay White from Microsoft joins What’s in the SOSS to talk about his journey into open source, AI and ML security, model signing, and the importance of community collaboration. Hear how standardization, transparency, and community involvement can strengthen AI supply chain security.
At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo García Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.”
