🎉 2025 OpenSSF Annual Report is now live! Download Report

search

OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum

By December 11, 2025Blog

As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open source community! 

Download the OpenSSF 2025 Annual Report Now

2025 at a Glance

These numbers tell the story:

  • 270+ active contributors across 112 organizations strengthening open source security
  • 10 Working Groups and 32 Technical Initiatives delivering measurable progress
  • Nearly 20,000 course enrollments, including more than 5,700 in the EU Cyber Resilience Act course
  • $663K in Technical Initiative funding awarded by the TAC to advance ecosystem security
  • 60+ speaking engagements across 20+ global events
  • 11 community events hosted worldwide, from Seoul to Brussels to Atlanta

Strengthening Supply Chain Security

From the release of the Open Source Project Security (OSPS) Baseline to continued advances in SLSA, Sigstore, and trusted publishing across npm, PyPI, crates.io, and NuGet, the community made concrete progress in improving the integrity of the open source software supply chain. These efforts delivered practical tools, clearer guidance, and stronger foundations for secure development.

Growing Presence Across Policy and Regulation

2025 was also a year of deeper engagement with governments, standards bodies, and public-sector partners. Our work around the EU Cyber Resilience Act (CRA), along with expanded collaboration with ETSI, BSI, and CEN/CENELEC, helped ensure open source perspectives were included in critical conversations. The Global Cyber Policy Working Group continued to provide guidance, clarity, and resources for developers, maintainers, and organizations navigating a rapidly evolving regulatory landscape.

Education and AI Security Efforts Took Off

Interest in security learning remained strong throughout the year. New courses on secure AI/ML development, CRA readiness, and software security leadership reached thousands of learners. Complementing these were new resources such as the Model Signing specification and the Visualizing Secure MLOps guide, helping teams work more confidently with modern development practices and emerging technologies. 

A Truly Global Community

OpenSSF’s global footprint continued to expand. With members across more than 40 countries and events hosted on multiple continents, the foundation’s work reflected a community that is active, connected, and growing. Whether through in-person events, cross-foundation collaboration, or working group initiatives, this year’s progress was fueled by people showing up, sharing knowledge, and supporting one another.

The Annual Report highlights key projects, contributors, and initiatives, but it can only capture a portion of the conversations, problem-solving, and collaboration that occurred across the OpenSSF community this year. The strength of our community is in its steady, ongoing commitment to making open source security better for everyone, and this report offers a window into that collective effort.

We invite you to explore the full report and take a deeper look at the milestones and stories that shaped our 2025. Download the OpenSSF 2025 Annual Report now.