OpenSSF Blog
Apr 28, 2025 |
Announcing the Release of “The Memory Safety Continuum”
The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and strategies for enhancing software security wherever you are on the memory safety spectrum today. Read more.
Apr 25, 2025 |
Repository Service for The Update Framework (RSTUF) Reaches New Security Milestone with Successful Audit
The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit, marking a key milestone on its path to a stable 1.0.0 release. Read more.
Apr 23, 2025 |
Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE
In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded and at risk of shuttering their doors. This caused 24 hours of panic up and downstream, but that decision was… Read more.
Apr 16, 2025 |
NEW FREE COURSE: Understanding the EU Cyber Resilience Act (CRA) (LFEL1001)
By Linux Foundation Education, see original blog. Quickly Grasp the Key Requirements of the CRA with this Express Learning Video Course. OpenSSF and Linux Foundation Education have announced the launch of Understanding the EU Cyber Resilience Act (CRA) (LFEL1001), a new, free, Express Learning video course that covers: Key requirements of the EU's Cyber… Read more.
Apr 14, 2025 |
Key Takeaways from VulnCon 2025: Insights from the OpenSSF Community
By Christopher Robinson (CRob), Chief Security Architect, OpenSSF. VulnCon 2025 has once again proven to be an essential gathering for security professionals, fostering collaboration, innovation, and progress in vulnerability management. This matches well with the OpenSSF continued championing for transparency and best practices in open source security. Practitioners from around… Read more.
Apr 14, 2025 |
Tech Talk Preview: Strengthening Open Source Through Security Standards and Global Policy
Open source is the backbone of today's digital infrastructure, but with great power comes great responsibility. As cybersecurity threats grow in complexity and regulatory landscapes shift globally, open source projects are under increasing pressure to meet stringent security expectations. Read more.
Apr 9, 2025 |
OpenSSF Community Day NA 2025 Agenda Live!
We're excited to share that the agenda for OpenSSF Community Day North America 2025 is now live! Join us on June 26 in Denver, Colorado, for a day filled with collaboration, technical insights, and future-focused conversations on securing the open source ecosystem. Read more.
Apr 4, 2025 |
Launch of Model Signing v1.0: OpenSSF AI/ML Working Group Secures the Machine Learning Supply Chain
We are pleased to announce the launch of version 1.0 of the model-signing project, an OpenSSF project developed in the past year as part of the OpenSSF AI/ML working group. The aim of the project is to provide a library and CLI for signing and verification of ML models, supporting… Read more.
Mar 28, 2025 |
GuardDog: Strengthening Open Source Security Against Supply Chain Attacks
Datadog is a proud Open Source Security Foundation (OpenSSF) member, and we believe that being a part of this security community will lead us all to a safer place. Attackers are increasingly turning to supply chain attacks to distribute their malicious code, and the Open Source Vulnerabilities (OSV) database, to… Read more.
Mar 25, 2025 |
Beyond the Software Bill of Materials (SBOM): Ensuring Integrity with Attestations – Event Recap
On March 5th, the SBOMit community hosted the Beyond the SBOM: Ensuring Integrity with Attestations event at The National Press Club in Washington, D.C. This event, co-located with OpenSSF Policy Summit DC, brought together industry leaders to address the limitations of single SBOMs and even signed SBOMs in ensuring software… Read more.