Guest Blog

📣 Submit your proposal: OpenSSF Community Day Korea | Open Source SecurityCon

Jun 12

GUAC 1.0 is Now Available

By OpenSSF Blog, Guest Blog

The GUAC project is proud to announce the release of GUAC 1.0. GUAC — which stands for “Graph for Understanding Artifact Composition” is an OpenSSF incubating project that brings understanding…

Jun 11

Love0

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

By OpenSSF Blog, Guest Blog

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving…

Jun 06

Love0

From Sandbox to Incubating: gittuf’s Next Step in Open Source Security

By OpenSSF Blog, Guest Blog

We’re pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major…

Jun 05

Love0

Choosing an SBOM Generation Tool

By OpenSSF Blog, Guest Blog

Software Bills of Materials (SBOMs) are the foundational piece of understanding your software supply chain. By listing the components that go into your application, SBOMs give you a starting point…

May 08

Love0

Announcing the Summer 2025 OpenSSF Mentorship Program

By OpenSSF Blog, Guest Blog

Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and…

Apr 28

Love0

Announcing the Release of “The Memory Safety Continuum”

By OpenSSF Blog, Guest Blog

The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and…

Apr 25

Love0

Repository Service for The Update Framework (RSTUF) Reaches New Security Milestone with Successful Audit

By OpenSSF Blog, Guest Blog

The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit—marking a key milestone on…

Apr 23

Love0

Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE

By OpenSSF Blog, Guest Blog

In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded…

Apr 04

Love0

Launch of Model Signing v1.0: OpenSSF AI/ML Working Group Secures the Machine Learning Supply Chain

By OpenSSF Blog, Guest Blog

We are pleased to announce the launch of version 1.0 of the model-signing project, an OpenSSF project developed in the past year as part of the OpenSSF AI/ML working group.…

Mar 28

Love0

GuardDog: Strengthening Open Source Security Against Supply Chain Attacks

By OpenSSF Blog, Guest Blog

Datadog is a proud Open Source Security Foundation (OpenSSF) member, and we believe that being a part of this security community will lead us all to a safer place. Attackers…

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

GUAC 1.0 is Now Available

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

From Sandbox to Incubating: gittuf’s Next Step in Open Source Security

Choosing an SBOM Generation Tool

Announcing the Summer 2025 OpenSSF Mentorship Program

Announcing the Release of “The Memory Safety Continuum”

Repository Service for The Update Framework (RSTUF) Reaches New Security Milestone with Successful Audit

Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE

Launch of Model Signing v1.0: OpenSSF AI/ML Working Group Secures the Machine Learning Supply Chain

GuardDog: Strengthening Open Source Security Against Supply Chain Attacks

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

Guest Blog

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox