OpenSSF Blog
Jun 12, 2025 |
GUAC 1.0 is Now Available
The GUAC project is proud to announce the release of GUAC 1.0. GUAC, which stands for "Graph for Understanding Artifact Composition", is an OpenSSF incubating project that brings understanding and insights to the software supply chain. Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400… Read more.
Jun 11, 2025 |
Maintainers' Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks
CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events, they are harbingers of a new generation of CI/CD-targeted supply chain attacks. Read more.
Jun 6, 2025 |
From Sandbox to Incubating: gittuf's Next Step in Open Source Security
We're pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major milestone in gittuf's development and recognizes the project's technical progress, community growth, and alignment with the broader mission of strengthening… Read more.
Jun 5, 2025 |
Choosing an SBOM Generation Tool
Software Bills of Materials (SBOMs) are the foundational piece of understanding your software supply chain. By listing the components that go into your application, SBOMs give you a starting point for understanding risks, including vulnerabilities, license issues, and other supply chain risks. But how do you create those SBOMs? Read more.
Jun 2, 2025 |
OSS and the CRA: am I a Manufacturer or a Steward?
The European Union's Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EEA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available on the European… Read more.
May 30, 2025 |
Member Spotlight: Trail of Bits: Driving Open Source Security Through Standards, Prototypes, and Policy
Trail of Bits is a leading cybersecurity research, engineering, and consulting firm that works with some of the most security-conscious organizations in the world, including Facebook, government agencies like DARPA, and prominent cryptocurrency protocols. Founded in 2012, the company has focused every part of its business on open sourcing its work: tools, research, and audits… Read more.
May 21, 2025 |
Call for Proposals Now Open for Open Source SecurityCon 2025
We're thrilled to announce that the Call for Proposals is now open for Open Source SecurityCon, a brand new event hosted by OpenSSF and CNCF, taking place on November 10, 2025, in Atlanta, Georgia. Read more.
May 15, 2025 |
Case Study: Ericsson’s C/C++ Compiler Options Hardening Guide and OpenSSF Collaboration
Ericsson, a global leader in telecommunications and networking, has been deeply engaged in open source and software security for over a decade. Through its Open Source Program Office (OSPO), Ericsson coordinates its participation across multiple foundations and initiatives, including the Open Source Security Foundation (OpenSSF). This case study highlights Ericsson's… Read more.
May 14, 2025 |
Linux Foundation and OpenSSF Release Cybersecurity Skills Framework to Strengthen Enterprise Readiness
New Customizable Global Framework Aligns IT Job Roles with Practical Cybersecurity Skills
SAN FRANCISCO, CA, May 14, 2025. The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and… Read more.
May 9, 2025 |
Call for Proposals for OpenSSF Community Day Europe Open Through 26 May, 2025
Submit your proposal by 26 May, 2025 to join the conversation on open source security. The Open Source Security Foundation (OpenSSF) invites you to be part of our upcoming OpenSSF Community Day Europe, happening on Thursday, 28 August in Amsterdam, Netherlands and co-located with Open Source Summit EU! This event… Read more.