
Each year, the Open Source Security Foundation (OpenSSF) is committed to securing the software supply chain through a year-long focus on key themes. Our content calendar aligns with critical security topics, industry events, and cybersecurity awareness initiatives. As we move through 2025, here’s how OpenSSF is strengthening software supply chain security—including what you need to know about key themes, how to submit your blog ideas, and event dates throughout the year.
January – Strengthening OSS Ecosystems
Focus Areas:
- 2024 Annual Report
- Supporting critical OSS projects and ecosystems.
- Alpha-Omega (Annual Report, project updates).
- Reducing risk and strengthening trust: what you need to know about the EU Cyber Resilience Act (CRA).
Event Engagement:
- OpenSSF Community Day NA 2025: Call for Proposals (CFP Closes: Sunday, March 23 at 11:59 PM MDT/10:59 PM PDT).
- OpenSSF Community Day EU 2025: Call for Proposals (CFP Closes: Sunday, May 26 at 23:59 CEST / 1:59 PM PDT).
February – Secure Development Practices
Focus Areas:
- Enhancements to OpenSSF Scorecard.
- Security Baseline.
- Best practices for secure software development.
Event Engagement:
- FOSDEM, Brussels – Engaging our community through global cybersecurity initiatives.
March – Securing Emerging Technologies (AI/ML)
Focus Areas:
- The role of AI/ML in software security.
- Security challenges in AI/ML-based systems.
- Skills development for security and AI professionals.
Event Engagement:
- OpenSSF Policy Summit DC 2025, March 4, National Press Club, Washington, D.C.
- Linux Foundation Member Summit, March 18-20, Napa, CA.
April – Public Sector Collaboration & Cyber Resilience
Focus Areas:
- CRA’s role in shaping OSS security standards.
- Government engagement in OSS security initiatives.
- Participation in OpenSSF efforts like SLSA and SBOMs.
Event Engagement:
- Security Baseline Tech Talk.
- 2025 Vulnerability Management Ecosystem Collaboration, Ideation, and Action Conference (2025 VulnCon), April 7 – 10, Raleigh, NC.
- RSA Conference, April 28 – May 1, San Francisco, CA.
May – Securing the Software Supply Chain
Focus Areas:
- Updates on SLSA, S2C2F, and attestation practices.
- SBOMs’ role in improving OSS security.
- Cybersecurity Skills Framework.
Event Engagement:
- EU Cyber Resilience Act (CRA) Tech Talk.
June – Enhancing Security Tools
Focus Areas:
- Innovations in fuzzing and vulnerability scanning.
- Practical SBOM implementation.
- AI and ML applications in security.
Event Engagement:
- OpenSSF Community Day Japan, June 18.
- Open Source Summit: North America, June 23 – 25, Denver, CO.
- OpenSSF Community Day NA 2025, June 26, Denver, CO.
July – Addressing Vulnerabilities
Focus Areas:
- Effective vulnerability identification and remediation strategies.
- Tools and techniques for mitigating OSS security risks.
Event Engagement:
- Vulnerability Disclosure Working Group Tech Talk.
August – Empowering OSS Developers
Focus Areas:
- OpenSSF Scorecard insights for developers.
- Best practices and tutorials for secure software development.
Event Engagement:
- Black Hat USA 2025, August 2-5, Las Vegas, NV.
- DEF CON 2025, August 7 – 10, Las Vegas, NV.
- OpenSSF Community Day India, August 6, Hyderabad.
- Open Source Summit Europe, August 25 – 27, Amsterdam.
- OpenSSF Community Day Europe, August 28, Amsterdam.
September – Securing Critical Projects
Focus Areas:
- Spotlight on high-impact OSS projects.
- Updates from OpenSSF critical project workstreams.
October – Raising Cybersecurity Awareness
Focus Areas:
- Cybersecurity Awareness Month initiatives.
- Threat identification and mitigation strategies using OpenSSF tools.
Event Engagement:
November – OSS Signatures and Verification
Focus Areas:
- Advancements in Sigstore tools: Cosign, Rekor, Gitsign, and Fulcio.
- Enhancing artifact verification and authentication practices.
Event Engagement:
December – End User Security Practices
Focus Areas:
- Best practices for secure OSS consumption.
- Predictions for OSS security trends in 2026.
Cybersecurity Holidays to Watch in 2025
In addition to OpenSSF’s thematic focus, we will also highlight key cybersecurity holidays to raise awareness and promote best practices:
- Data Privacy Week: January 27 – 31
- Change Your Password Day: February 1
- Safer Internet Day: February 11
- World Backup Day: March 31
- Identity Management Day: April 8
- World Password Day: May 1
- National Cybersecurity Awareness Month: October
- International Fraud Awareness Week: November 16 – 22
- Computer Security Day: November 30
(Source: https://bitwarden.com/blog/cybersecurity-awareness-holidays/)
Join Us in Securing the Supply Chain in 2025
From critical software supply chain security to AI-driven security advancements, OpenSSF is dedicated to improving open source software security. Follow along as we explore these themes throughout the year and engage with the community through events, research, and collaboration.
These monthly content themes provide a roadmap for the discussions and insights OpenSSF will focus on throughout 2025. We encourage community members to contribute blogs that align with these topics.
Want to contribute to the OpenSSF blog? We invite OpenSSF members and security experts to submit non-promotional blog posts that provide valuable insights on these themes. Check out our blog guidelines to learn more about submission criteria and submit your blog idea.