Guest blog opportunities are open to members, working groups in collaboration, and with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
May 21, 2026 |
OpenSSF Notes Quarter of Growth with New Members, Added AI Security Resources, and Growing Community
Foundation celebrates five additional members, new cyber reasoning sandbox project, and release of v1.0.0 Python Secure Coding Guide to support open source security globally MINNEAPOLIS – OpenSSF Community Day North America – May 21, 2026 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation focused… Read more.
May 21, 2026 |
Introducing the First Cohort of the OpenSSF Ambassador Program
Securing the open source software ecosystem is a monumental task, and it is not one we can tackle alone. It requires collaboration, education, and passionate advocates who are willing to share their knowledge across the globe. Today, at OpenSSF Community Day, we are beyond excited to announce the launch of… Read more.
May 20, 2026 |
Detecting Malicious Packages using the OSV API
By Nigel Douglas By now a bunch of people in the OpenSSF community might already be aware of the Malicious Packages repository, but are you using it as part of your day-to-day software supply chain security? The OpenSSF Malicious Packages repo is the first open source system for collecting and… Read more.
May 18, 2026 |
Taking Stock of the State of European Cyber Resilience Act (CRA) Compliance: An Urgent Wake-up Call for the Open Source Ecosystem
By Christopher (CRob) Robinson, OpenSSF For the better part of two years, discussions surrounding the European Cyber Resilience Act (CRA) have been somewhat theoretical: mapping requirements, debating definitions, and analyzing how the requirements will impact our amazing ecosystem. But folks, it’s mid-2026, and the CRA is live. Theory is officially… Read more.
May 12, 2026 |
Secure Coding Guide for Python (pyscg) First Release
New developers require a single, framework-independent resource to establish a baseline in secure coding practices. Python is one of the most widely adopted programming languages in the world, powering everything from web applications and data pipelines to AI/ML systems and cloud infrastructure. Read more.
May 12, 2026 |
Hack to the Future: The Impact and Legacy of the DARPA AIxCC Challenge
By Helen Woeste AIxCC Competition Background & Results: In 2023, DARPA announced a two-year long competition called the Artificial Intelligence Cyber Challenge (AIxCC) with the goal to safeguard open source software used in critical infrastructure throughout America. The intent is to hasten the development of open source AI tooling that… Read more.
May 7, 2026 |
The Road to Gold: How CPS Set a New Standard for Security and Quality in Open Source
In the world of open source, trust is our most valuable currency. ONAP is a “collection of individual, semi-standalone network automation functions that provide design, orchestration, observability, and automation of network and edge services for operators, cloud providers, and enterprises” (per ONAP). Read more.
May 6, 2026 |
Open Infrastructure Is Not Free, Part II: The Hidden Cost of Running Package Registries
The September 2025 Working Together Towards Sustainable Open Source open letter raised the alarm about the economic sustainability of open source package registries, highlighting how rising adoption and the pace of innovation are placing new and growing pressures on open source package registries. Those pressures have only accelerated in the… Read more.
Apr 20, 2026 |
Secure Your Spot: The OpenSSF Community Day North America 2026 Agenda is Live!
The 2026 OpenSSF Community Day North America agenda is live, and we invite the open source community to join us on Thursday, May 21, in Minneapolis, MN. Co-located with Open Source Summit North America, this event will serve as a collaborative space for maintainers, security researchers, and industry leaders to… Read more.
Apr 17, 2026 |
Why Third-Party Notices Are Breaking at Scale: What the Ecosystem Needs Next
By Devashri Datta, Independent Researcher, Software Supply Chain Security Third-party notices (TPNs) are documents distributed to users that list open source third-party software components included in the product and key licensing information. Every time you buy a TV or router, you’ve probably seen them. Yet TPNs were never designed for… Read more.









