Guest Blog

Why Third-Party Notices Are Breaking at Scale: What the Ecosystem Needs Next

From Noise to Signal: Using Runtime Context to Win the Vulnerability Management Battle

Rethinking Post-Deployment Vulnerability Detection

Kusari Partners with OpenSSF to Strengthen Open Source Software Supply Chain Security

KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon

Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.

First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”

Introducing the Gemara Model

EU Cyber Resilience Act (CRA) in Practice @ FOSDEM 2026: From Awareness to Action

Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact.

Security Slam 2026

Security Slam 2026 is a 30-day event that begins February 20 and culminates in an awards ceremony at KubeCon + CloudNativeCon Europe (KCCN EU).

Fill Out All The Margins 📖: OpenSSF Releases Compiler Annotations Guide for C and C++

OpenSSF’s new Compiler Annotations for C and C++ guide helps developers use compiler-specific annotations to communicate code intent to the compiler, improve diagnostics, improve optimizations, and provide stronger security and correctness guarantees.