Trustify joins GUAC
By Ben Cotton and Dejan Bosanac The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two...
Blog
What Not to Miss at Open Source Summit & OpenSSF Community Day Europe
The countdown is on! From August 25 to 28, 2025, the open source security community will gather in Amsterdam for Open Source Summit Europe and OpenSSF Community Day Europe. These two major gatherings will focus on the future of software supply chain security, regulatory readiness, and collaborative innovation.
Case Study: How LFX Insights and OSPS Baseline Validated GUAC’s Security in Under an Hour
Tools: GUAC, OSPS Baseline, LFX Insights Challenge: Demonstrating strong security posture quickly and credibly to stakeholders Solution: Leveraging Linux Foundation Insights (LFX Insights) and the Open Source Security Foundation (OpenSSF) Open Source Project Security Baseline (OSPS Baseline) for instant, standards-aligned validation Result: Saved significant time in verifying security practices, completing an independent standards-based assessment in…
OpenSSF at Black Hat USA 2025 & DEF CON 33: AIxCC Highlights, Big Wins, and the Future of Securing Open Source
The Open Source Security Foundation (OpenSSF) marked a strong presence at two cornerstone cybersecurity events, Black Hat USA 2025 and DEF CON 33, engaging with security leaders, showcasing our initiatives, and fostering collaboration to advance open source security.
Securing AI: The Next Cybersecurity Battleground
The AI wave is here, and it’s only getting bigger. According to a recent report from McKinsey, “over the next three years, 92 percent of companies plan to increase their AI investments.” As this AI wave washes over almost every industry and is integrated deeply and extensively into critical and non-critical operations, it ushers in…
From Beginner to Builder: Understanding OpenSSF Community and Working Groups
The Open Source Security Foundation (OpenSSF) serves as the global hub for collaborative work on securing the software supply chain. Whether you’re an open-source maintainer, a security engineer, a student, or someone passionate about public digital infrastructure, OpenSSF invites you to participate. There are no gatekeepers, no matter where you work. This community is open,…
Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security
By Sarah Evans and Andrey Shorov The world of technology is constantly evolving, and with the rise of Artificial Intelligence (AI) and Machine Learning (ML), the demand for robust security...
🎉 Celebrating Five Years of OpenSSF: A Journey Through Open Source Security
August 2025 marks five years since the official formation of the Open Source Security Foundation (OpenSSF). Born out of a critical need to secure the software supply chains and open...
Blog
AI security
Alpha-Omega
C++
Compiler Hardening
CVEs
Cyber Resilience Act
GUAC
mentorship
MLSecOps
Open Source Community
Open Source Policy
Open Source Security
Open Source Security Foundation
OpenSSF
OSPS Baseline
Scorecard
Secure Software Development
security best practices
sigstore
SLSA
Software Supply Chain
Speaking, Volunteering, Parenting, and Exploring Nature — My Week at OSS Summit NA 2025
Earlier this summer, Eman Abu Ishgair had the privilege of attending the Open Source Summit North America 2025 in Denver — one of the largest gatherings of open source contributors, maintainers, researchers, and advocates. Even more exciting: I participated as a speaker, volunteer, and a new community member during the OpenSSF Community Day, the co-located…