OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Jan 28, 2026 | OpenSSF

In Blog

OpenSSF at FOSDEM 2026: From Policy to Practical Security

FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for two days of technical talks, hallway discussions, and collaboration. Read more.

Jan 22, 2026 | OpenSSF

Strengthening Open Source Security Through Community: Introducing OSSAfrica

Open Source & Security Africa (OSSAfrica) is a community-led initiative bringing together people who care about open source and security across the continent. We're building connections between contributors, software developers, maintainers, researchers, and security professionals. Read more.

Jan 21, 2026 | OpenSSF

Preserving Open Source Sustainability While Advancing Cybersecurity Compliance

The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for… Read more.

Jan 15, 2026 | OpenSSF

OpenSSF’s 2026 Themes: A Community Roadmap for Securing the Future of Open Source

Each year, the Open Source Security Foundation (OpenSSF) focuses its content and engagement on the security topics that matter most to the open source community. In 2026, we are organizing content around quarterly themes that reflect community priorities, global policy developments, and real-world security needs. Read more.

Jan 9, 2026 | OpenSSF

Collecting Badges, Building Bridges: Representing OpenSSF and Linux Foundation Across Europe

There is a particular feeling that comes with wearing a conference badge that carries more weight than your name. It is the quiet awareness that you are not just attending an event; you are representing a global community, its values, and its future direction. Read more.

Jan 8, 2026 | OpenSSF

Signal in the Noise: An Industry-Wide Perspective on the State of VEX

Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race. Read more.

Jan 7, 2026 | OpenSSF

Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects

The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve over time. Read more.

Jan 5, 2026 | OpenSSF

AI, Software Development, Security, Tips, and the Future (Part 2)

This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development. Read more.

Dec 29, 2025 | OpenSSF

AI, Software Development, Security, Tips, and the Future (Part 1)

This is part 1 of a 2-part article discussing the impact of Artificial Intelligence (AI) on software development. In this part, I’ll note that AI use during software development is now the norm, despite frequent errors in AI-generated results, because productivity is king. I’ll then discuss its potential security implications. Read more.

Dec 19, 2025 | OpenSSF

Catching Malicious Package Releases Using a Transparency Log

Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs. Read more.