Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Nov 19, 2025 |
In Blog
KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever
At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo GarcĂa Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.” Read more.
Nov 18, 2025 |
In Blog
Tech Talk Recap: Simplifying DevSecOps in Air-Gapped Environments with Zarf
In the latest OpenSSF Tech Talk, we focused on a significant hurdle in software supply chain security: managing software delivery and upkeep within air-gapped and restricted network environments. You can now view the recording on the OpenSSF YouTube channel, and the presentation slides are accessible here. Read more.
Nov 17, 2025 |
In Blog
Recap: Open Source Security Week in Belgium – Highlights from Ghent to Brussels
At the end of October 2025, the Linux Foundation Europe, OpenSSF, and CEPS brought together developers, maintainers, policymakers, and industry leaders for conversations on open source, security, and Europe’s digital future. Through keynotes, workshops, and policy-focused sessions, the week created much-needed clarity around the Cyber Resilience Act (CRA) and, more… Read more.
Nov 10, 2025 |
OpenSSF Announces Key Membership Growth and Golden Egg Award Winners at Open Source SecurityCon North America
At Open Source SecurityCon in Atlanta, the Open Source Security Foundation (OpenSSF) announced Target Corporation and Thread AI as new general members, OSTIF’s upgrade to general membership, and recognized Golden Egg Award winners for their contributions to open source security. The Foundation continues to advance education, collaboration, and tooling to… Read more.
Nov 9, 2025 |
In Blog
Building Security in Open Source for Financial Services: OpenSSF at Open Source Finance Forum (OSFF) NYC
OpenSSF sponsored the Open Source Finance Forum in New York, highlighting how collaboration between open source maintainers and the financial sector drives stronger cybersecurity. Talks covered AI security, the OSPS Baseline, and stabilizing vulnerability data, helping financial institutions build trust and resilience through open source. Read more.
Oct 22, 2025 |
SBOMs in the Era of the CRA: Toward a Unified and Actionable Framework
By Madalin Neag, Kate Stewart, and David A. Wheeler In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created only to comply with some regulation, but should be a decision ready tool. In particular, SBOMs can support risk management.… Read more.
Oct 16, 2025 |
In Blog
A New Course on Secure AI/ML-Driven Software Development
The Open Source Security Foundation (OpenSSF) has launched a new free course, Secure AI/ML-Driven Software Development (LFEL1012), authored by David A. Wheeler. As AI and machine learning become core to modern software development, this course helps developers understand and mitigate the security risks associated with AI code assistants. In just… Read more.
Oct 15, 2025 |
Announcing the Sigstore Transparency Log Research Dataset
We’re pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstore’s transparency log, Rekor. Read more.
Oct 10, 2025 |
OpenSSF Scorecard Audit is Complete!
This blog was originally published on the OSTIF website on October 9, 2025 by Helen Wooste The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help… Read more.
Oct 9, 2025 |
In Blog
Building Security in Open Source for Financial Services: OpenSSF at Open Source in Finance Forum (OSFF)
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security.… Read more.