OpenSSF Blog
May 8, 2025
Announcing the Summer 2025 OpenSSF Mentorship Program
Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way… Read more.
May 7, 2025
New Guide on Simplifying Software Component Updates
The Open Source Security Foundation (OpenSSF) Best Practices Working Group has released the new guide Simplifying Software Component Updates. This guide gives software producers and consumers practical steps to simplify component compatibility. Applying the principles in this guide will eliminate many vulnerabilities in software. To understand why, it’s necessary to… Read more.
May 6, 2025
OpenSSF Tech Talk Recap: Using the OSPS Baseline to Navigate Standards and Regulations
On April 24, the Open Source Security Foundation (OpenSSF) hosted a Tech Talk to help open source maintainers, contributors, and organizations better navigate the growing landscape of security standards and regulations. Read more.
Apr 30, 2025
Recognizing Academic Excellence in Open Source and Secure Software Education
Modern software demands more than technical know-how—it requires a deep understanding of secure, sustainable, and scalable systems. Recognizing this, the Linux Foundation has launched its Academic Computing Accreditation Program, formally recognizing academic programs that align with industry-approved curricula from both the Open Source Security Foundation (OpenSSF) and the Cloud Native… Read more.
Apr 29, 2025
OpenSSF Launches Free Course to Prepare Developers for the EU Cyber Resilience Act
SAN FRANCISCO, CA – April 29, 2025 – The Open Source Security Foundation (OpenSSF), in collaboration with LF Education, announces the general availability of LFEL1001, a free online course designed to help software developers understand and prepare for the requirements of the European Union (EU) Cyber Resilience Act (CRA). In… Read more.
Apr 28, 2025
Announcing the Release of “The Memory Safety Continuum”
The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and strategies for enhancing software security wherever you are on the memory safety spectrum today. Read more.
Apr 25, 2025
Repository Service for The Update Framework (RSTUF) Reaches New Security Milestone with Successful Audit
The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit—marking a key milestone on its path to a stable 1.0.0 release. Read more.
Apr 23, 2025
Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE
In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standards used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded and were at risk of shuttering their doors. This caused 24 hours of panic up and downstream, but that decision was… Read more.
Apr 16, 2025
NEW FREE COURSE: Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)
By Linux Foundation Education, see original blog. Quickly Grasp the Key Requirements of the CRA with this Express Learning Video Course. OpenSSF and Linux Foundation Education have announced the launch of Understanding the EU Cyber Resilience Act (CRA) (LFEL1001), a new, free, Express Learning video course that covers: Key requirements of the EU’s Cyber… Read more.
Apr 14, 2025
Key Takeaways from VulnCon 2025: Insights from the OpenSSF Community
By Christopher Robinson (CRob), Chief Security Architect, OpenSSF. VulnCon 2025 has once again proven to be an essential gathering for security professionals, fostering collaboration, innovation, and progress in vulnerability management. This matches well with the OpenSSF's continued championing of transparency and best practices in open source security. Practitioners from around… Read more.