Skip to main content

Register for OpenSSF Community Day Europe

search
Category

Case Studies

Jul 23
Love0

Case Study: Google Secures Machine Learning Models with sigstore

By Blog, Case Studies

As machine learning (ML) evolves at lightning speed, so do the threats. The rise of large models like LLMs has accelerated innovation—but also introduced serious vulnerabilities. Data poisoning, model tampering, and unverifiable origins are not theoretical—they’re real risks that impact the entire ML supply chain.

Model hubs, platforms for data scientists to share models and datasets, recognized the challenge: How could they ensure the models hosted on their platform were authentic and safe?

That’s where Google’s Open Source Security Team (GOSST), sigstore, and the Open Source Security Foundation (OpenSSF) stepped in. Together, we created the OpenSSF Model Signing (OMS) specification, an industry standard for signing AI models. We then integrated OMS into major model hubs such as NVIDIA’s NGC and Google’s Kaggle.

The Solution: Seamless Model Signing Built into Model Hubs

We partnered with Kaggle to experiment with how to make the model signing easier without disrupting publishing UX.

“The simplest solution to securing models is: sign the model when you train it and verify it every time you use it.”
 — Mihai Maruseac, Staff Software Engineer, Google

Key features of the prototyped implementation:

  • Model authors could use the same model hub upload tools and processes to upload their models, but, behind the scenes, these models would be automatically signed during the upload process.
  • Each model is signed using the uploader’s identity on the model hub, via OpenID Connect (OIDC). Model hubs should become OIDC providers to ensure that they can sign the model during upload.
  • Model hubs use sigstore to obtain a short-lived certificate, sign the model, and store the signature alongside the model.
  • Verification is automatic and transparent—the model hub verifies the signature and displays its status. A “signed” status confirms the model’s authenticity.
  • Users can independently verify signatures by using a notebook hosted on the model hub, or downloading the model and the signature and verifying using the `model_signing` CLI.
  • Model repositories implement access controls (ACLs) to ensure that only authorized users can sign on behalf of specific organizations.
  • All signing events are logged in the sigstore transparency log, providing a complete audit trail.
  • Future plans include GUAC integration for generating AI-BOMs and inspecting ML supply chains for incident response and transparency.

The process dramatically improves trust and provenance while remaining invisible to most users.

The Result: A Blueprint for Securing AI Models

With sigstore integrated, the experiment with Kaggle proved that model hubs can offer a verified ML ecosystem. Users know that what they download hasn’t been tampered with or misattributed. Each model is cryptographically signed and tied to the author’s identity—no more guessing whether a model came from “Meta” or a spoofed account.

“If we reach a state where all claims about ML systems and metadata are tamperproof, tied to identity, and verifiable by the tools ML developers already use—we can inspect the ML supply chain immediately in case of incidents.”
 — Mihai Maruseac, Staff Software Engineer, Google

This solution serves as a model for the broader ecosystem. Platforms hosting datasets and models can adopt similar practices using open tools like sigstore, backed by community-driven standards through OpenSSF.

Get Involved & Learn More

Join the OpenSSF Community
Be part of the movement to secure open source software, including AI/ML systems. → Join the AI/ML Security WG

Explore sigstore
See how sigstore enables secure, transparent signing for software and models. → Visit sigstore

Learn About Google’s Open Source Security Efforts
Discover how Google is advancing supply chain security in open source and machine learning. → Google Open Source Security Team

Learn More about Kaggle
Explore how Kaggle is evolving into a secure hub for trustworthy ML models. → Visit Kaggle

Watch the Talk
Title: Taming the Wild West of ML: Practical Model Signing With sigstore on Kaggle
Speaker: Mihai Maruseac, Google
Event: OpenSSF Community Day North America – June 26, 2025
Watch the talk → YouTube

Jun 13
Love0

Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership

By Blog, Case Studies

Organization: Open Source Technology Improvement Fund, Inc. (OSTIF)
Contributor: Amir Montazery, Managing Director
Website: ostif.org

Problem

Critical open source software (OSS) projects—especially those that are long-standing and widely adopted—often lack the resources and systematic support needed to regularly review and improve their security posture. Many of these projects are maintained by small teams with limited bandwidth, making it challenging to conduct comprehensive security audits and implement best practices. The risk of undetected vulnerabilities in these projects presents a growing concern for the broader software ecosystem.

Action

To address this gap, OSTIF leverages its OpenSSF membership to conduct rigorous security audits of critical OSS projects. Using a curated process rooted in industry best practices, OSTIF delivers structured security engagements that improve real-world outcomes for maintainers and users alike.

Through active participation in OpenSSF’s Securing Critical Projects working group and Alpha-Omega initiatives since their inception, and through strategic partnership with organizations like Eclipse Foundation, OSTIF receives targeted funding and support to carry out its mission. These collaborations help prioritize high-impact projects and streamline audit administration—despite the inherent complexity of managing funding approvals and coordination. 

It’s pivotal that these important projects receive customized work. Each open source project is unique and so are its security needs, making standardization of audits difficult. OSTIF is able to invest time and expertise in scoping and organizing engagements to be tailored to the project’s best interests, necessities, and budget to generate effective investment in open source security.

OSTIF also incorporates other OpenSSF tools and services such as the OpenSSF Scorecard and the broader Securing Critical Projects Set, which complement its robust audit methodology and offer additional layers of insight into project health. In an ecosystem that is varied and complex, having security resources that can be applied to all projects contextually to generate impactful and sustainable security outcomes is incredibly valuable to all stakeholders, especially OSTIF.

Results

OSTIF’s work has demonstrated the effectiveness of formal security audits in strengthening OSS project resilience. As a member of OpenSSF, OSTIF has been able to expand its reach, increase audit throughput, and reinforce the security practices of some of the open source community’s most essential projects. Since 2021, OSTIF has facilitated numerous engagements funded by OpenSSF. In March of 2025, OSTIF published the results of the audit of RSTUF with OpenSSF’s funding and support. Additionally, 2 more Alpha-Omega funded engagements will be published later this year.

“OSTIF is grateful for the support from OpenSSF, particularly for funding security audits both directly and via Project Alpha-Omega, to help improve the security of critical OSS projects.”
 — Amir Montazery, Managing Director, OSTIF

In addition to the technical improvements achieved through audits, OSTIF’s OpenSSF membership has fostered valuable connections with project maintainers, security experts, and funders—creating a collaborative ecosystem dedicated to open source security. Building a community around security audits is a goal of OSTIFs; by sharing resources and providing a platform for researchers to present audit findings through meetups, their goal is to grow expertise and access to security knowledge of the average open source user. 

Key Benefits

  • Enhanced security posture of widely-used OSS projects.
  • Strategic collaboration with OpenSSF working groups.
  • Access to funding and expert networks.
  • Improved audit administration through community support.

Biggest Challenge

  • Navigating administrative processes and funding approval cycles for new audit projects.
  • Funding multi-year programs and engagements. 

To learn more about OSTIF’s work, visit their 2024 Annual Report. Visit their website at ostif.org or follow them on LinkedIn to stay up to date with audit releases.

May 15
Love0

Case Study: Ericsson’s C/C++ Compiler Options Hardening Guide and OpenSSF Collaboration

By Blog, Case Studies

Ericsson, a global leader in telecommunications and networking, has been deeply engaged in open source and software security for over a decade. Through its Open Source Program Office (OSPO), Ericsson coordinates its participation across multiple foundations and initiatives, including the Open Source Security Foundation (OpenSSF). This case study highlights Ericsson’s collaboration with the OpenSSF, with a specific focus on their C/C++ Compiler Option Hardening Guide, which has served as both an internal resource and a community contribution.

Problem

C++ remains a foundational language in many critical systems, but it’s notoriously difficult to use securely. Given the massive volume of existing C and C++ code underpinning today’s infrastructure, many organizations today face a familiar dilemma: how to improve the security of these systems without the unrealistic burden of rewriting everything in a memory-safe programming language. The team recognized the need for a pragmatic solution that could strengthen existing infrastructure.

Solution

Ericsson, together with partners found through its engagement in the OpenSSF, developed and released the C/C++ Compiler Option Hardening Guide as a practical approach to increasing software security through better compiler configurations. The guide maps out various hardening flags and compiler options, analyzing their implications on performance and security. Originally drafted by Ericsson’s product security team, the initial guide was donated to the OpenSSF and is now jointly developed in the Best Practices Working Group of the OpenSSF.

Open sourcing the guide proved invaluable. By contributing it to the OpenSSF, Ericsson gained access to a wider range of expertise—receiving high-quality feedback from compiler maintainers, Linux distribution contributors, and others across the ecosystem. These external insights not only validated Ericsson’s approach but improved the guide itself.

Results

  • The guide has been promoted internally at Ericsson and adopted or experimented with by community projects and organizations such as Wireshark, Chainguard, and the CPython project.
  • Feedback from community experts helped refine the guide, especially regarding how different compiler flags interact in real-world builds.
  • Ericsson’s work raised broader awareness about the importance of compiler-level hardening and provided a widely usable educational resource.
  • The collaborative development process reinforced the value of community feedback loops and pragmatic security practices.

Secondary Initiatives

In addition to the compiler guide, Ericsson is co-chairing the Best Practices Working Group and leading the development of a Python Secure Coding Guide therein.. The team also benefits from other OpenSSF work, such as threat modeling and participation in the AI/ML security working group.

“We’ve seen tremendous value in contributing our C/C++ Compiler Options Hardening Guide to the OpenSSF. The community feedback significantly improved the guide and validated our approach. It’s a win-win—for our internal teams and the broader open source ecosystem.” — Mikko Karikytö, Head of Product Security & CPSO 

Future Plans

Ericsson plans to continue contributing to and evolving its secure coding practices through collaboration with the OpenSSF. As part of that commitment, Ericsson encourages peers in telecom, networking, and adjacent industries to explore the C/C++ Compiler Options Hardening Guide, apply its recommendations, and contribute to its ongoing improvement.

🔹 Visit Ericsson’s Open Source Program Office (OSPO) page to learn more about their broader open source strategy.

🔹 Get involved with the OpenSSF Best Practices Working Group to shape and support secure software development practices.

About Ericsson and OpenSSF

Ericsson has been a vocal advocate for responsible open source use and software security. Its OSPO leads efforts across multiple standards bodies and open source foundations. The OpenSSF provides a vendor-neutral forum for collaboration on secure software development and supply chain security.

For more case studies, visit: https://openssf.org/case-studies/

Oct 24
Love0

Case Study: Kusari’s Implementation of OpenSSF Tools and Services

By Blog, Case Studies

Challenge

For many years, the software supply chain has suffered from a lack of transparency and inefficient, unsustainable security management methods such as spreadsheets, emails, and word of mouth. The severity of these challenges was highlighted during incidents like Log4Shell, where the limitations of these approaches became evident — organizations struggled to identify where Log4J was used, and many applications continue to use vulnerable versions of this library years later. Meanwhile, the costs and regulatory requirements of attacks and vulnerabilities continue to increase. The founders of Kusari, driven by their passion and personal experiences with these problems, sought to create scalable and robust security solutions for their customers and users.

Solution

To address these challenges, Kusari created and co-developed the tool GUAC (Graph for Understanding Artifact Composition). GUAC integrates data from various OpenSSF tools and specifications to secure Kusari’s platform software and infrastructure. Kusari uses AllStar to enforce best practices for source code repositories and Scorecard to assess repositories for best practice adherence and highlight areas of concern. By adopting SLSA (Supply Chain Levels for Software Artifacts), Kusari follows Level 3 practices for building projects and generating provenance. OpenVEX is used to communicate the vulnerability status of software, while S2C2F (Supply-Chain Levels for Secure Commercial Facilities) ensures rules are followed for safely ingesting open source software. GUAC aggregates data from multiple sources like Scorecard, SLSA, OpenVEX, SBOM, OSV, and deps.dev to analyze supply chain risks and ensure compliance with S2C2F rules.

According to Parth Patel, Co-founder & Chief Product Officer at Kusari, “Working with OpenSSF projects is an invaluable part of building Kusari – both as a company and an enterprise platform. Participating in open source communities allows us to shape the future of software supply chain technology. The work we invest in OpenSSF communities pays off in having reliable software tools to build and integrate with the security ecosystem.”

Results

The implementation of these tools has significantly enhanced Kusari’s ability to manage and mitigate software supply chain risks. The adoption of open specifications like SLSA, S2C2F, and OpenVEX allows Kusari to generate and consume supply chain data that is broadly supported in the community. Tools like AllStar, Scorecard, and Sigstore help enforce best practices in code, build, and delivery processes. GUAC enables Kusari to ingest and analyze standardized metadata from multiple OpenSSF tools, providing a clear understanding of supply chain risks and facilitating quick responses to security incidents.

Engagement with OpenSSF Community

Kusari engages with the OpenSSF community in various capacities, including as maintainers and users of AllStar, GUAC, and SLSA, and as TAC sponsors for GitTUF, SBOMit, and S2C2F. This engagement is a way for us to innovate and give back within the open source community. Kusari is committed to helping shape and develop the future of software supply chain security. You can regularly find us in meetings with the Supply Chain Integrity Working Group; come join in. 

Benefits and Challenges

Open specifications and tools provide flexibility for integration and modification, ensuring better interoperability. Security has a long history of being closed and vendor-centric, but that’s changing. Collaboration is required to protect effectively against current and future threats. That’s why Kusari is passionate about being a creator, maintainer, contributor and user of open source security tools. 

Striking a balance between vendor support and community-driven efforts is crucial for sustainable success in open source projects. Arun Gupta, vice president and general manager of Open Ecosystem Initiatives at Intel and OpenSSF governing board chair emphasizes, “It’s vital that we foster collaboration between vendors and the open source community in a collaborative manner that respects the community. This balance is key to achieving a secure software ecosystem.”

Future Plans

Kusari plans to adopt additional OpenSSF tools such as GitTUF as they mature and looks forward to developments from SBOMit.

Conclusion

Kusari’s integration of OpenSSF tools and specifications has significantly bolstered its software supply chain security, providing scalable and efficient solutions for managing vulnerabilities. Through active participation in the OpenSSF community, Kusari continues to contribute to and benefit from the evolving landscape of open source security.