Skip to main content

OpenSSF Newsletter – June 2024

By June 18, 2024
June Newsletter

Welcome to the June 2024 edition of the OpenSSF Newsletter, with our latest information on what’s been happening lately and what’s on our radar.


Call for Proposals: Submit to Speak at SOSS Fusion

We’re looking for proposals in the form of session presentations, panels, keynote sessions, and lightning talks. Submit to speak on any one of the following topics:

    • OSPO: Security and Open Source Program Offices
    • Maintainer Roles: Maintainer and Contributor roles in Securing Open Source Software
    • Dev: Secure Open Source Software Integration in the Software Development Lifecycle
    • Public Policy: Regulations to Improve the Security of Open Source Software
    • End Users: Secure Open Source Software Supply Chains
    • Dependencies: Understanding the OSS in Your Stack
    • AI for Security: Leveraging AI to Secure Open Source Software
    • Security for AI: Starting with Security for Open Source AI

The Call for Proposals closes Friday, July 12, at 11:59 PM EDT. 


OpenSSF Joins Open Source Consortium To Define E.U. CRA Security Specifications

The Open Source Security Foundation (OpenSSF), a project of the Linux Foundation focused on improving the security of open source software, is proud to announce its collaboration with the Eclipse Foundation and a leading open source consortium to work on the European Union’s (E.U.) Cyber Resilience Act (CRA).

Read More

Introducing Artifact Attestations—Now in Public Beta

There’s an increasing need across enterprises and the open source ecosystem to have a verifiable way to link software artifacts back to their source code and build instructions. And with more than 100 million developers building on GitHub, we want to ensure that developers have the tools needed to help.

Read More

The Opportunity for DEI Participation in the Security Industry (And OpenSSF)

At Secure Open Source Software (SOSS) Community Day North America 2024, we held a panel discussion on DEI (Diversity, Equity and Inclusion) at Open Source Security Foundation (OpenSSF). In preparing for this discussion we had a lot of conversations and realized we each had diverse perspectives.

Read More

Beyond the OpenSSF: An Introduction to Other Security Efforts Across the Linux Foundation

The Open Source Security Foundation (OpenSSF)’s mission is to strengthen the open source software ecosystem through a collaborative initiative across industry. But did you know about the other initiatives focusing on strengthening open source security, happening across the Linux Foundation?

Read More


The OSS Security Adventure: Exploring the Frontlines of OSS Security through SOSS Policy Summit, RSA Conference, and Japan Meetup

OpenSSF is making waves globally, with our footprint evident in discussions and events across continents. Join us on an “OSS Security Adventure” as we delve into our impactful presence at the SOSS Policy Summit in Brussels, the RSA Conference in San Francisco, and our engaging meetup in Tokyo.

Read More

What’s in the SOSS? Podcast #6 – A Man Called CRob: Introducing the Newest Co-host of What’s in the SOSS?

Introducing our new co-host for “What’s in the SOSS?” podcast, Christopher Robinson (CRob). As the Director of Security Communications at Intel Corporation and Chair of OpenSSF’s Technical Advisory Committee, CRob’s 25 years of experience in various sectors will enrich our podcast discussions. The latest episode features his day-to-day activities, podcast vision, and advice for those entering cybersecurity. 

Listen Here


OpenSSF Case Study: Enhancing Open Source Security with Sigstore at Stacklok

Stacklok Case Study

Stacklok, founded by Kubernetes co-creator Craig McLuckie and Sigstore creator Luke Hinds, enhances open source software security using Sigstore. By integrating Sigstore into their products, Trusty and Minder, Stacklok helps developers and maintainers secure their software supply chains with tools for artifact signing and verification. This case study highlights Stacklok’s commitment to making open source software safer and their contributions to the OpenSSF community.

Read More


Ubuntu Security Notices Now Available in OSV

In today’s rapidly evolving open source ecosystem, managing vulnerabilities efficiently is crucial. That’s why we’re excited to share that Canonical is now issuing Ubuntu Security Notices (USNs) in the open source OSV format. This collaboration aims to simplify vulnerability management and enhance security for our users.

Read More


OpenSSF Tech Talk: Proactive Supply Chain Security with GUAC


In this Tech Talk, you will meet the GUAC maintainers as they cover the project and its recent release, roadmap plans, and how you can contribute. Cybersecurity threats are constantly and quickly changing, but GUAC can help you stay ahead.

Check out this blog for a summary of the tech talk highlights and watch experts discuss its benefits & real-world uses. Slides & recording are available.

Watch Now

Enhance Your Software Development Skills with OpenSSF’s Free Courses

OpenSSF offers two comprehensive, free courses designed to help software developers improve their skills in secure software development and supply chain security.

Developing Secure Software (LFD121)

This course covers the fundamentals of developing secure software and is available on the Linux Foundation Training & Certification platform. It is entirely online, self-paced, and takes about 14-18 hours to complete. Both the course and the certificate of completion are free. Upon finishing the course and passing the final exam, participants will earn a certificate valid for two years.

Securing Your Software Supply Chain with Sigstore (LFS182)

This course teaches software developers, DevOps engineers, security engineers, and software maintainers how to use Sigstore’s toolkit to enhance software supply chain security. It covers the use of Cosign, Fulcio, and Rekor tools and is available on the Linux Foundation Training & Certification platform. The course is free, online, self-paced, and takes about 8 hours to complete. Familiarity with Linux terminals, command line tools, and intermediate cloud computing and DevOps concepts is recommended. 

Learn More

In the News

Meet OpenSSF at These Upcoming Events!

Get Involved in OpenSSF

You’re invited to…

See You Next Month

We want to get you the information you most want to see in your inbox. Have suggestions for next month’s newsletter about the OpenSSF? Let us know at and see you next month! 


The OpenSSF Team