OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Mar 11, 2026 | OpenSSF

First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.” Read more.
Mar 9, 2026 | OpenSSF

Introducing the Gemara Model

By Eddie Knight, Hannah Braswell, and Jenn Power

Software development has reached a point where traditional Governance, Risk, and Compliance (GRC) can no longer keep up. Compliance activities often exist only as a separate administrative layer, making it difficult for organizations to prove that security measures are in place long… Read more.

Mar 5, 2026 | OpenSSF

Your Voice Belongs Here: How to Get Involved in the OpenSSF Community

One of the most common misconceptions we hear in the OpenSSF community is that you need special permission to contribute. You do not. Read more.

Mar 2, 2026 | OpenSSF

Case Study: Defending the Open Source Supply Chain in a New Regulatory Era

How Red Hat and OpenSSF are translating regulatory mandates into scalable open source community practices. Challenge: The European Union Cyber Resilience Act (CRA) introduces legally binding cybersecurity requirements for products with digital elements (including software) placed on the EU market. While designed to bolster digital safety, these requirements relied on… Read more.

Feb 25, 2026 | David Wheeler

Getting an OpenSSF Baseline Badge with the Best Practices Badge System

By David A. Wheeler

Many open source software (OSS) projects aim to securely develop software and have an easy way to communicate their security posture to others. Overview: The OpenSSF developed the Open Source Project Security Baseline (OSPS Baseline) to act as a “minimum definition of requirements for a project… Read more.

Feb 19, 2026 | OpenSSF

Advancing Package Repository Security Through Collaboration

On February 2nd, the Open Source Security Foundation (OpenSSF) convened the OpenSSF Package Manager Security Forum, a cross-ecosystem working session focused on one of the most critical and complex challenges facing open source today: package repository security. Read more.

Feb 17, 2026 | OpenSSF

EU Cyber Resilience Act (CRA) in Practice @ FOSDEM 2026: From Awareness to Action

Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact. Read more.

Feb 13, 2026 | OpenSSF

Security Slam 2026

Security Slam 2026 is a 30-day event that begins February 20 and culminates in an awards ceremony at KubeCon + CloudNativeCon Europe (KCCN EU). Read more.

Feb 12, 2026 | OpenSSF

Fill Out All The Margins 📖: OpenSSF Releases Compiler Annotations Guide for C and C++

OpenSSF’s new Compiler Annotations for C and C++ guide helps developers use compiler-specific annotations to communicate code intent to the compiler, improve diagnostics, improve optimizations, and provide stronger security and correctness guarantees. Read more.

Feb 10, 2026 | OpenSSF

Have a Security Lesson Worth Sharing? Submit a Talk at OpenSSF Community Day North America

OpenSSF Community Day North America is happening this year in Minneapolis, and the Call for Proposals (CFP) is open through February 15. Read more.