Help Measure CRA Awareness: Take the 2026 Cyber Resiliency Survey

OpenSSF’s 2026 Themes: A Community Roadmap for Securing the Future of Open Source

By January 15, 2026Blog

Each year, the Open Source Security Foundation (OpenSSF) focuses its content and engagement on the security topics that matter most to the open source community. In 2026, we are organizing content around quarterly themes that reflect community priorities, global policy developments, and real-world security needs.

This roadmap outlines OpenSSF’s 2026 themes, how they align with major industry events, and how the community can contribute throughout the year as priorities evolve.

Q1: AI and ML Security

Advancing secure AI practices, education, and responsible model development

January: AI and ML Security
Focus on AI and ML security, including secure development practices.

February: Developer Enablement and Secure Practices
Content on secure AI development workflows, Baseline integrations, and developer-focused resources.

March: Securing Emerging Technologies
Guidance on securing ML models, integrating AI into secure supply chains, and promoting developer learning.

You can connect with OpenSSF at:

Q2: CVE and Vulnerability Transparency

Strengthening vulnerability coordination and disclosure

April: Vulnerability Management and Collaboration
Content highlighting OSV, disclosure coordination, and community best practices.

May: Securing the Software Supply Chain
Guidance on CVE data integration with SLSA, SBOM tools, and Sigstore.

June: Community Collaboration and Transparency
Recaps, podcasts, and community initiatives focused on transparency and collaboration.

You can connect with OpenSSF at:

Q3: Policy and Cyber Resilience Act (CRA) Alignment 

Preparing open source projects and communities for global regulatory frameworks

July: Global Policy and CRA Readiness
Guidance on CRA readiness and global regulation.

August: Industry Collaboration
Policy discussions and partner engagement.

September: Government Engagement
Content focused on public sector collaboration.

You can connect with OpenSSF at:

Q4: Baseline and Security Best Practices

Driving consistent and measurable adoption of secure development practices

October: Baseline Adoption and Best Practices
Spotlights on Baseline pilot programs and Working Group case studies.

November: Training and Implementation
Resources and success stories from developers applying Baseline guidance.

December: Reflection and Looking Ahead
Annual reporting on Baseline adoption metrics and future roadmap priorities.

You can connect with OpenSSF at:

  • Open Source Summit and OpenSSF Community Day Europe in Prague
  • All Things Open in Raleigh
  • OSSCon and KubeCon North America in Los Angeles
  • Policy Summit North America in Washington, DC

How to Get Involved

OpenSSF is a community-first foundation and there are many ways to participate.

For Members

If your organization is an OpenSSF member, you can:

  • Join the Marketing Advisory Council meetings
  • Help shape content priorities and campaign themes
  • Be part of blog submissions, podcasts, tech talks, case studies, and thought leadership

Submit ideas or content proposals to marketing@openssf.org

Learn more about OpenSSF membership at https://openssf.org/join/

For Non Members

OpenSSF is open by design and everyone is welcome.

You can:

Planning Your Content Contributions

OpenSSF welcomes community contributions throughout the year. To support thoughtful planning and timely publishing, we encourage contributors to use the guidance below when preparing submissions.

Recommended planning lead times:

OpenSSF 2026 Calendar Themes

  • Guest blog: 2 to 3 weeks
  • Case study: 1 to 2 weeks
  • Podcast participation: 1 month
  • Webinars, whitepapers, and tech talks: 6 weeks
  • Newsletter additions: 3 weeks
  • Social media content: 2 to 5 days

We encourage contributors to begin early outreach and planning if you hope to align submissions with specific months or major events.

Submission guidelines and details.