Blog

Dec 19

Catching Malicious Package Releases Using a Transparency Log

By OpenSSF Blog, Guest Blog

Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.

Dec 12

Love0

From Beginner to Builder: Free OpenSSF and Linux Foundation Education Courses

By OpenSSF Blog, Guest Blog

Whether you're just getting started with open source security or want to deepen your knowledge, these free courses from Linux Foundation Education and OpenSSF offer valuable, self-paced learning paths. Each…

Dec 11

Love0

OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum

By OpenSSF Blog

As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable.…

Dec 05

Love0

Recap: OpenSSF Community Day Korea 2025

By OpenSSF Blog

OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.

Catching Malicious Package Releases Using a Transparency Log

From Beginner to Builder: Free OpenSSF and Linux Foundation Education Courses

OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum

Recap: OpenSSF Community Day Korea 2025

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox