
OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security. Ram Iyengar (Community Manager, OpenSSF) opened the event by welcoming attendees and emphasizing that open source security depends on community participation. His message set the tone for the day: improving software security is something we do together, and Korea is becoming an active part of that effort.
The first keynote, delivered by Professor Yunseong Choi, highlighted how rising vulnerability volume and new global regulations, including the EU Cyber Resilience Act, are putting more pressure on developers. Choi explained that software transparency and open source stewardship can reduce this burden, but only if developers and security professionals collaborate directly. He noted past concerns about the difficulty of building an open source security community in Korea, and announced that one will be launched soon, outlining a shared vision: “Software Supply Chain Security for OSS, OpenSSF for the Global Community.”
Following the welcome, Sowan Kim delivered a brief congratulatory address recognizing the importance of open source security collaboration and the growing role of Korea’s developer community in global initiatives.
From there, sessions moved quickly into hands-on technical content. Aditya Soni walked through securing CI/CD pipelines, demonstrating how tools like in-toto, Notary, and OpenSSF Scorecard help enforce verification and protect against supply chain attacks. Akshansh Jaiswal introduced DepConfuse, an SBOM-first tool for detecting dependency confusion by scanning CycloneDX metadata instead of build systems, showing how this approach scales across languages. Shung-Hsi Yu (SUSE) and Yunseong Kim delivered a well-received session on Linux kernel testing, covering traditional methods, property-based testing, modern fuzzers like Buzzer and Agony, and work on formal verification, including the eBPF verifier and LKMM.
Later in the afternoon, Tony Chen (Keyfactor) explained what preparing for post-quantum cryptography looks like, demonstrating hybrid PKI setups using open source tools such as EJBCA, Bouncy Castle, and OpenSSL. Aroma Rodrigues led an interactive and intense walkthrough of an NLP pipeline, showing participants how licensing, dataset provenance, model reuse, and attribution can introduce compliance risks in modern ML systems. Jessy Ayala shared empirical data on AI/ML vulnerabilities, detailing how these issues differ from traditional OSS bugs and why gaps in disclosure pipelines make them harder to track and fix.
The final talks focused on emerging standards for AI supply chain security. Prasanth Baskar introduced ModelSpec and KitOps, which apply OCI-based packaging, signing, and provenance to AI models, enabling reproducibility and secure distribution using the same infrastructure that supports containers today. Yonggil Choi closed the day with ManaTEE, an open source framework that uses confidential computing to run secure and verifiable AI model evaluations. His demo showed how TEEs, combined with a notebook-based workflow, can produce cryptographically verifiable results even when models remain closed source.
Two aspects of the event particularly stood out. First, OpenSSF’s focus on its four strategic pillars (Education, Policy, Projects, and Community) was unmistakable throughout. Second, the comprehensive participation of stakeholders from the public sector, private industry, and academia made the event truly complete. While achieving this balance has been a challenge in the past, it materialized naturally here. This success is a testament to the strong sense of community among Korean software developers and their solid open source foundations. Notably, the work of KOSSA deserves special recognition for its exceptional role in fostering public-private partnerships.
Videos, slides, and photos from the event are now available for anyone who wants to explore the sessions in depth. This event marks a strong beginning for a growing OpenSSF community in Korea. Developers from across the region contributed deeply to the conversations, and the message was consistent throughout the day: securing open source is shared work, and Korea is ready to play a larger role. Stay tuned to the OpenSSF events calendar to connect with the community.