OpenSSF Scorecard Audit is Complete!
This blog was originally published on the OSTIF website on October 9, 2025 by Helen Wooste The Open Source Technology Improvement Fund is proud to share the results of our security audit...
Blog
Building Security in Open Source for Financial Services: OpenSSF at Open Source in Finance Forum (OSFF)
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security. These talks demonstrate how our…
KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon alongside the Open Source Security Foundation (OpenSSF), the event has become a gathering place for anyone passionate about securing our…
Recap: OpenSSF Tech Talk on Securing the AI Lifecycle
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available.
From Beginner to Builder: Your First Code Contribution
Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your growth. Maybe you've witnessed software supply chain attacks and felt an urge to make a difference. Maybe you just started learning about OpenSSF in our last blog: “Understanding…
From Ghent to Brussels: OpenSSF’s Week of Policy and Security in Europe
At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communities for three impactful events in Belgium. Together, these back-to-back gatherings will advance collaboration, shape policy, and highlight the critical role of open source in Europe’s digital future.
Improving Risk Management Decisions with SBOM Data: A New Whitepaper from the OpenSSF SBOM Everywhere SIG
SBOMs are becoming part of everyday software practice, but many teams still ask the same question: how do we turn SBOM data into decisions we can trust? Our new whitepaper, “Improving Risk Management Decisions with SBOM Data,” answers that by tying SBOM information to concrete risk-management outcomes across engineering, security, legal, and operations.
New OpenSSF Guidance on AI Code Assistant Instructions
AI code assistants are powerful tools. They can speed up development, suggest solutions, and help explore alternatives. But they also create security risks, because the results you get depend heavily on what you ask. These systems’ models are trained on vast amounts of code (much of it insecure), they don’t truly understand context, and they…
Celebrating the Community: OpenSSF at Open Source Summit and OpenSSF Community Day Europe Recap
From August 25 to 28, 2025, the Linux Foundation hosted a high-impact week of open source collaboration and innovation in Amsterdam. OpenSSF’s participation, in both Open Source Summit Europe and OpenSSF Community Day Europe, brought together developers, maintainers, researchers, and policymakers to strengthen software supply chain security and align on global regulations like the EU…