Blog

Join us in Minnesota on May 21, 2026 for OpenSSF Community Day!

Feb 03

Join Us at Open Source SecurityCon Europe 2026 in Amsterdam

By OpenSSF Blog

Open Source SecurityCon Europe is approaching, which means we’ll be gathering again in Amsterdam this spring for one of the most focused, practitioner-driven events in open source security. Save your…

Jan 28

Love0

OpenSSF at FOSDEM 2026: From Policy to Practical Security

By OpenSSF Blog

FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for…

Jan 21

Love0

Preserving Open Source Sustainability While Advancing Cybersecurity Compliance

By OpenSSF Blog, EU Cyber Resilience Act, Global Cyber Policy

The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of…

Jan 15

Love0

OpenSSF’s 2026 Themes: A Community Roadmap for Securing the Future of Open Source

By OpenSSF Blog

Each year, the Open Source Security Foundation (OpenSSF) focuses its content and engagement on the security topics that matter most to the open source community. In 2026, we are organizing…

Jan 09

Love0

Collecting Badges, Building Bridges: Representing OpenSSF and Linux Foundation Across Europe

By OpenSSF Blog

There is a particular feeling that comes with wearing a conference badge that carries more weight than your name. It is the quiet awareness that you are not just attending…

Jan 08

Love0

Signal in the Noise: An Industry-Wide Perspective on the State of VEX

By OpenSSF Blog, Guest Blog

Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race.

Jan 07

Love0

Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects

By OpenSSF Blog

The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve…

Jan 05

Love0

AI, Software Development, Security, Tips, and the Future (Part 2)

By OpenSSF Blog

This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development.

Dec 29

Love0

AI, Software Development, Security, Tips, and the Future (Part 1)

By OpenSSF Blog

This is part 1 of a 2-part article discussing the impact of Artificial Intelligence (AI) on software development. In this part, I’ll note that AI use during software development is…

Dec 19

Love0

Catching Malicious Package Releases Using a Transparency Log

By OpenSSF Blog, Guest Blog

Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.

Join Us at Open Source SecurityCon Europe 2026 in Amsterdam

OpenSSF at FOSDEM 2026: From Policy to Practical Security

Preserving Open Source Sustainability While Advancing Cybersecurity Compliance

OpenSSF’s 2026 Themes: A Community Roadmap for Securing the Future of Open Source

Collecting Badges, Building Bridges: Representing OpenSSF and Linux Foundation Across Europe

Signal in the Noise: An Industry-Wide Perspective on the State of VEX

Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects

AI, Software Development, Security, Tips, and the Future (Part 2)

AI, Software Development, Security, Tips, and the Future (Part 1)

Catching Malicious Package Releases Using a Transparency Log

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox