Guest Blog

From Beginner to Builder: Understanding OpenSSF Community and Working Groups

The Open Source Security Foundation (OpenSSF) serves as the global hub for collaborative work on securing the software supply chain. Whether you’re an open-source maintainer, a security engineer, a student, or someone passionate about public digital infrastructure, OpenSSF invites you to participate. There are no gatekeepers, no matter where you work. This community is open,…

Speaking, Volunteering, Parenting, and Exploring Nature — My Week at OSS Summit NA 2025

Earlier this summer, Eman Abu Ishgair had the privilege of attending the Open Source Summit North America 2025 in Denver — one of the largest gatherings of open source contributors, maintainers, researchers, and advocates. Even more exciting: I participated as a speaker, volunteer, and a new community member during the OpenSSF Community Day, the co-located…

GUAC 1.0 is Now Available

The GUAC project is proud to announce the release of GUAC 1.0. GUAC, which stands for “Graph for Understanding Artifact Composition”, is an OpenSSF incubating project that brings understanding and insights to the software supply chain. Started by Kusari, Google, and Purdue University, GUAC has contributions from over 400 people representing more than 90…

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events; they are harbingers of a new generation of CI/CD-targeted supply chain attacks.

From Sandbox to Incubating: gittuf’s Next Step in Open Source Security

We’re pleased to share that gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the Open Source Security Foundation (OpenSSF). This marks a major milestone in gittuf’s development and recognizes the project’s technical progress, community growth, and alignment with the broader mission of strengthening the open source software supply…

Choosing an SBOM Generation Tool

Software Bills of Materials (SBOMs) are the foundational piece of understanding your software supply chain. By listing the components that go into your application, SBOMs give you a starting point for understanding risks — including vulnerabilities, license issues, and other supply chain risks. But how do you create those SBOMs?

Announcing the Summer 2025 OpenSSF Mentorship Program

Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way to offer these experiences and…

Announcing the Release of “The Memory Safety Continuum”

OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind, and it provides practical insights and strategies for enhancing software security wherever you are on the memory safety spectrum today.