OpenSSF Blog

Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.

Feb 14, 2023 | jbly

In Blog

Spotlight on OpenSSF Board Member: Vincent Danen, Vice President of Product Security, Red Hat

Join us for a conversation with OpenSSF Board Member, Vincent Danen. In this series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.

Feb 5, 2023 | OpenSSF

In Blog

Join Us at the First OSS Security Meetup in Tokyo, Japan

We are excited to present at the first ever OSS Security Meetup in Japan, on February 28 in Tokyo, hosted by Open Source Security Foundation (OpenSSF) Members. We aim to create a place where people with the same awareness and challenges related to OSS security can gather, share information mainly… Read more.

Feb 1, 2023 | OpenSSF

In Blog

Independent Security Audit Impact Report

Security audits are an extremely effective tool for improving the security of critical projects. In 2022, OpenSSF and Google sponsored a number of security audits and associated work via strategic partner Open Source Technology Improvement Fund (OSTIF). Today OSTIF released its Independent Security Audit Impact Report. Read more.

Jan 26, 2023 | amartin

In Blog

Talking OSS Security in Europe this February

This February, along with many others, we'll be discussing Open Source Software (OSS) Security in Europe - first in Brussels during the Open Source Policy Summit and then at FOSDEM, followed by the State of OpenCon in London. Read more.

Jan 25, 2023 | jbly

In Blog

10 Sessions Not to Miss at CloudNativeSecurityCon

Next week we’re heading to the first ever standalone CloudNativeSecurityCon North America put on by the Cloud Native Computing Foundation (CNCF) in Seattle, WA that brings together application developers and security experts to propose solutions to security challenges, to explore cutting edge projects, and to discuss advances in modern security… Read more.

Jan 18, 2023 | jbly

In Blog

Spotlight on OpenSSF Board Member: Tracy Ragan, CEO, DeployHub

Join us for a conversation with OpenSSF Board Member, Tracy Ragan. In this new series, we are shining the spotlight on individuals who play a pivotal leadership role in setting the course for how we secure the open source software supply chain. Read more.

Dec 29, 2022 | amartin

In Blog

OpenSSF Year in Review

The OpenSSF is a thriving, diverse, nonstop community. Across more than 30 different active software projects and other technical initiatives, we’ve been able to have the kind of reach and impact we need to put a dent in the global software security challenges we all know are only getting more… Read more.

Dec 28, 2022 | OpenSSF

In Blog

Engaging Policy Makers and the Ecosystem on Open Source Software Globally

Throughout 2022, the Linux Foundation and OpenSSF in particular have been at the heart of a number of important conversations concerning the open source software (OSS) community and sustainability of the ecosystem. A large part of our global engagement efforts have been focused on collaborating with leaders in the public… Read more.

Dec 22, 2022 | OpenSSF

In Blog

Takeaways from OpenSSF Day Japan

On December 5th during Open Source Summit Japan, the Open Source Security Foundation (OpenSSF) hosted OpenSSF Day Japan 2022, a half-day event dedicated to exploring ongoing efforts to improve the security of open source software (OSS). Throughout the day, contributors and thought leaders shared their ideas and experiences with OSS… Read more.

Dec 15, 2022 | amartin

In Blog

Avoiding the Next Log4Shell: Learning from the Log4j Event, One Year Later

Log4Shell, a vulnerability in the widely-used open source Java logging library Log4j, was disclosed in December 2021, roughly two months after I took the helm of the Open Source Security Foundation (OpenSSF). As I said back then, open source software (OSS) foundations must work together to prevent the next Log4Shell… Read more.