
Are you an OpenSSF contributor and have something to say about security that would be of interest to the open source community?

Write a guest post for our blog!

About the OpenSSF Blog

The primary goal of the OpenSSF Blog is to provide informative and educational content about open source software security to the wider open source community, demonstrate thought leadership, share important milestones, and highlight the value of getting involved in the work of OpenSSF.

Blog Guidelines

We aim to keep OpenSSF blog posts short and focused on what’s newsworthy, what’s cool, and what’s important to our community. We encourage links to source material for longer descriptions and deeper dives. Content should be presented in a conversational way that provides insight from the author’s expertise and perspective.

Topic Area: Stick to topics directly relevant to open source software security and the OpenSSF.

Tone: Friendly yet authoritative, with a preference for first-person voice.

Word Count: For summaries and updates – 500+ words. For technical deep-dives – 1,500+ words.

Style: Focus on readability. Write for the non-expert. Spell out acronyms upon first use. Break content into easily digestible parts with headings.

Attribution: Identify author(s) and affiliations. When possible, try to have authors from multiple organizations to demonstrate breadth of support and collaboration.

Intent: No sales pitches or product marketing pieces please. While it is ok to highlight the work of an individual company when it ties into the overall theme of the blog, any company or product mentions must be directly related to OpenSSF work, remain balanced, and not be at the expense of others. Blogs exclusively or primarily about a for-profit company’s products or services will not be accepted.

Images: Relevant graphics like charts, graphs, and photos are encouraged.

Submission Process

If you’d like to suggest a topic area or volunteer to write a post, send an email to with your name, topic, and a few lines describing the post you’d like to write. We’ll let you know if we think your topic would be a good fit for our blog. You may use the template below to get started.

Topic Proposal Template:

  • Topic:
  • Objective:
  • Headline:
  • Author(s) (Name, Title, Organization, short <60 word bio):
  • 1-3 Key Points:
  • Call to Action:
  • Value to Community:
  • Target Publish Date:
  • Graphic(s):

Next Steps:

Once the topic is approved, draft and submit the blog post. The review process for blog posts generally takes 2-3 weeks and uses a shared Google document to capture inputs and make suggestions. The OpenSSF Editorial Review Panel will review the blog and make publication decisions. Once the author has approved the final post, OpenSSF will schedule and publish the blog, provide the author with the link, and share it with members and on OpenSSF social media channels. Don’t forget to share with your own networks too!

Contribute a Blog Topic Idea

2024 OpenSSF Editorial Calendar

This calendar gives a high-level overview of our priority areas of focus for the blog throughout the year. This is not an exhaustive or exclusive list, and we are always happy to accept submissions on these and other topics throughout the year. We’d love to hear your ideas!

January: Alpha-Omega

  • Critical open source software projects and ecosystems
  • Alpha-Omega grant recipients

February: Scorecard

  • Case studies
  • Secure development best practices

March: AI / ML

  • Role of AI / ML in security
  • Role of security in AI / ML programs
  • Skills and development for security and AI professionals

April: Being an OpenSSF contributor

  • Participation in the OpenSSF
  • Impact assessment

May: Software Supply Chain Security

  • SLSA
  • Attestation

June: Security Tooling

  • SBOMs
  • Fuzzing

July: Addressing Vulnerabilities

August: Securing Software Repositories

  • OpenSSF Scorecard
  • Best practices for software developers
  • Security fundamentals/tutorials

September: Securing Critical Projects

  • Project spotlights

October: Identifying Security Threats

  • Security metrics
  • Cybersecurity Awareness Month

November: Sigstore

  • Cosign/Rekor/Gitsign/Fulcio

December: End Users

  • Best practices for consuming open source software
  • OSS Security predictions for next year