Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Jun 27, 2025 |
In Blog
On-Demand Webinar: Cybersecurity Skills, Simplified
A Framework That Works Cybersecurity isn’t just the responsibility of a dedicated team anymore. Whether you’re an engineer, a product owner, or part of the executive suite, your day-to-day decisions have a direct impact on your organization’s security. That was the clear message from the expert panel featured in our… Read more.
Jun 27, 2025 |
In Blog
OpenSSF at UN Open Source Week 2025: Securing the Supply Chain Through Global Collaboration
OpenSSF participated in the 2025 UN Open Source Week, a global gathering of participants hosted by the United Nations Office for Digital and Emerging Technologies, focused on harnessing open source innovation to achieve the Sustainable Development Goals (SDGs). Held in New York City, the event gathered technology leaders, policymakers, and… Read more.
Jun 26, 2025 |
OpenSSF Welcomes New Members and Presents Golden Egg Award
Foundation furthers mission to enhance the security of open source software DENVER – OpenSSF Community Day North America – June 26, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), welcomes six new members from… Read more.
Jun 25, 2025 |
An Introduction to the OpenSSF Model Signing (OMS) Specification: Model Signing for Secure and Trusted AI Supply Chains
By Mihai Maruseac (Google), Eoin Wickens (HiddenLayer), Daniel Major (NVIDIA), Martin Sablotny (NVIDIA) As AI adoption continues to accelerate, so does the need to secure the AI supply chain. Organizations want to be able to verify that the models they build, deploy, or consume are authentic, untampered, and compliant with… Read more.
Jun 18, 2025 |
In Blog
Member Spotlight: Datadog – Powering Open Source Security with Tools, Standards, and Community Leadership
Datadog, a leading cloud-scale observability and security platform, joined the Open Source Security Foundation (OpenSSF) as a Premier Member in July, 2024. With both executive leadership and deep technical involvement, Datadog has rapidly become a force in advancing secure open source practices across the industry. Key Contributions GuardDog: Open Source… Read more.
Jun 17, 2025 |
In Blog
OpenBao Joins the OpenSSF to Advance Secure Secrets Management in Open Source
We’re excited to welcome OpenBao to the Open Source Security Foundation (OpenSSF) as a newly accepted sandbox project! Read more.
Jun 16, 2025 |
In Blog
Tech Talk Recap | CRA-Ready: How Open Source Projects Can Prepare for the EU Cyber Resilience Act
The EU Cyber Resilience Act (CRA) is reshaping the landscape for open source software. Whether you're a maintainer, contributor, or vendor, the CRA introduces new expectations—and new responsibilities. To help the community navigate these changes, the Open Source Security Foundation (OpenSSF) recently hosted a Tech Talk: CRA-Ready: How to Prepare… Read more.
Jun 13, 2025 |
Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership
Organization: Open Source Technology Improvement Fund, Inc. (OSTIF) Contributor: Amir Montazery, Managing Director Website: ostif.org Problem Critical open source software (OSS) projects—especially those that are long-standing and widely adopted—often lack the resources and systematic support needed to regularly review and improve their security posture. Many of these projects are maintained… Read more.
Jun 12, 2025 |
GUAC 1.0 is Now Available
The GUAC project is proud to announce the release of GUAC 1.0. GUAC — which stands for “Graph for Understanding Artifact Composition” is an OpenSSF incubating project that brings understanding and insights to the software supply chain. Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400… Read more.
Jun 11, 2025 |
Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks
CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events, they are harbingers of a new generation of CI/CD-targeted supply chain attacks. Read more.