OpenSSF Blog
Mar 17, 2026 | In Blog
Leading Tech Coalition Invests $12.5 Million Through OpenSSF and Alpha-Omega to Strengthen Open Source Security
Securing the open source software that underlies our digital infrastructure is a persistent and complex challenge that continues to evolve. The Linux Foundation announced a $12.5 million collective investment to be managed by Alpha-Omega and The Open Source Security Foundation (OpenSSF). This funding comes from key partners including Anthropic, Amazon… Read more.
Mar 17, 2026
Linux Foundation Announces $12.5 Million in Grant Funding from Leading Organizations to Advance Open Source Security
Anthropic, Amazon Web Services (AWS), GitHub, Google, Google DeepMind, Microsoft, and OpenAI Join Forces with the Foundation to Invest in Sustainable Security Solutions for the Open Source Ecosystem. SAN FRANCISCO – March 17, 2026 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced $12.5… Read more.
Mar 16, 2026
KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the… Read more.
Mar 13, 2026 | In Blog
Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation
Agentic AI systems and AI-driven software workflows are evolving quickly, with more people building on top of them. With that shift comes new questions around trust, control, provenance, and secure interaction between models, tools, and users. Traditional cybersecurity models are being pushed to their limits, and the security stakes have… Read more.
Mar 11, 2026
First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026
Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.” Read more.
Mar 9, 2026
Introducing the Gemara Model
By Eddie Knight, Hannah Braswell, and Jenn Power. Software development has reached a point where traditional Governance, Risk, and Compliance (GRC) can no longer keep up. Compliance activities often exist only as a separate administrative layer, making it difficult for organizations to prove that security measures are in place long… Read more.
Mar 5, 2026 | In Blog
Your Voice Belongs Here: How to Get Involved in the OpenSSF Community
One of the most common misconceptions we hear in the OpenSSF community is that you need special permission to contribute. You do not. Read more.
Mar 2, 2026
Case Study: Defending the Open Source Supply Chain in a New Regulatory Era
How Red Hat and OpenSSF are translating regulatory mandates into scalable open source community practices. Challenge: The European Union Cyber Resilience Act (CRA) introduces legally binding cybersecurity requirements for products with digital elements (including software) placed on the EU market. While designed to bolster digital safety, these requirements relied on… Read more.
Feb 25, 2026 | In Blog
Getting an OpenSSF Baseline Badge with the Best Practices Badge System
By David A. Wheeler. Many open source software (OSS) projects aim to securely develop software and have an easy way to communicate their security posture to others. Overview: The OpenSSF developed the Open Source Project Security Baseline (OSPS Baseline) to act as a “minimum definition of requirements for a project… Read more.
Feb 19, 2026 | In Blog
Advancing Package Repository Security Through Collaboration
On February 2nd, the Open Source Security Foundation (OpenSSF) convened the OpenSSF Package Manager Security Forum, a cross-ecosystem working session focused on one of the most critical and complex challenges facing open source today: package repository security. Read more.









