
Welcome to the March 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
TL;DR
This month, the OpenSSF invites you to participate in global Community Days and explore new initiatives to strengthen open source security throughout 2025. Tune in to the latest podcast episode highlighting key insights from leaders at Intel and GitHub, learn about the recent Policy Summit in Washington, D.C., and enroll in the new, free cybersecurity course designed specifically for software development managers. Plus, stay informed about exciting project updates and upcoming community events!
Join us at OpenSSF Community Day Events in North America, India, Japan, and Europe!
OpenSSF Community Days bring together security and open source experts to drive innovation in software security.
- Denver, Colorado – June 26, 2025
- Tokyo, Japan – June 18, 2025
- Hyderabad, India – August 4, 2025
- Amsterdam, Netherlands – August 28, 2025
✅ Secure your spot – Register today!
✅ Have insights to share? Submit to speak before CFP closes!
✅ Support the mission – Become a sponsor!
Join us in shaping a safer and more secure digital world.
2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year
Cybersecurity is an ongoing challenge, and OpenSSF is leading efforts to strengthen open source security in 2025. This blog outlines the key content themes for the year, from strengthening OSS ecosystems to enhancing security tools and addressing vulnerabilities. Each month, OpenSSF will explore these critical topics through events, expert discussions, and blog contributions. Stay updated on these discussions and learn how you can contribute to OpenSSF’s mission.
What’s in the SOSS? An OpenSSF Podcast is back for Season 2!
In Season 2’s first episode, CRob chats with Arun Gupta (Intel, OpenSSF Governing Board Chair) and Zach Steindler (GitHub, OpenSSF TAC Chair) about lessons learned in open source security from 2024 and what’s ahead for 2025.
- How the Mission, Vision, Values, Strategy, and Roadmap (MVVSR) framework is shaping OpenSSF’s focus
- The biggest security challenges faced in 2024, from supply chain attacks to SBOM adoption
- Exciting initiatives for 2025—including making security more accessible to open source maintainers
Join the conversation and get insights into the future of open source security. Listen now and stay tuned as we announce our new co-host!
OpenSSF Hosts 2025 Policy Summit in Washington, D.C. to Tackle Open Source Security Challenges
The OpenSSF successfully hosted the 2025 Policy Summit in Washington, D.C., bringing together industry leaders and security experts to address open source security challenges. The event featured keynotes, panel discussions, and breakout sessions focused on AI security, software supply chain governance, and policy recommendations for secure OSS consumption.
“The OpenSSF is committed to tackling the most pressing security challenges facing the consumption of open source software in critical infrastructure and beyond,” said Steve Fernandez, General Manager, OpenSSF.
Discussions highlighted the importance of industry-led security initiatives, collaboration with policymakers, and the need for standardized security frameworks. Following the summit, OpenSSF will refine security guidance and best practices to enhance open source software security globally. Learn more about the event, key takeaways, OpenSSF’s Vision, and how to get involved in shaping open source security policy.
NEW FREE COURSE: Security for Software Development Managers (LFD125)
The OpenSSF and Linux Foundation Education have launched a new, free cybersecurity e-Learning course, Security for Software Development Managers (LFD125). Designed for those who manage or aspire to manage developer teams, this course covers critical security concepts needed to build resilient applications. Participants will learn how to identify vulnerabilities, implement proactive security measures, and guide their teams in creating secure software. Security for Software Development Managers (LFD125) is a self-paced, 2-hour course that includes access to a discussion forum for engagement with experts and peers. Upon successful completion, participants receive a digital badge and certificate.
Enroll today and strengthen your leadership skills in software security!
News from OpenSSF Community Meetings and Projects
- Zarf released version v0.49.1 including bug fixes and enhanced logging.
- Security Tooling WG had a discussion about the possibility of OpenBao becoming an OpenSSF project.
- Global Cyber Policy WG is working to establish a “steward.md” file for OSS projects to declare what organization is the steward of the project.
- Security Baseline has added an FAQ page to the website.
- Securing Software Repositories WG is working on package yanking guidance for repositories.
- Vulnerability Disclosure WG will host a purl + CPE workshop at VulnCon.
- Model Signing project is working toward a v1 release.
- Memory Safety SIG completed a PR for OpenSSF Scorecard that checks whether the code uses non-memory-safe practices for the repository's languages.
- SLSA has published onboarding instructions for the SLSA Source PoC and invites any feedback via GitHub issues.
In the News
- OpenSSF Publishes Security Baseline for Open-Source Projects
- OpenSSF Publishes Security Framework for Open Source Software
- OpenSSF creates Project Security Baseline
- OpenSSF Hosts 2025 Policy Summit in Washington, D.C. to Tackle Open Source Security Challenges
- Linux Foundation Research Reports Reveal Wide Spectrum for Cyber Resilience Act Readiness and Compliance
Meet OpenSSF at These Upcoming Events!
- FIRST VulnCon 2025: April 7-10, 2025
- RSA Conference: April 28 – May 1, 2025
- OpenSSF Community Day Japan: June 18, 2025
- OpenSSF Community Day North America 2025: June 26, 2025
- OpenSSF Community Day India 2025: August 4, 2025
- DefCon 2025: August 7-10, 2025
- OpenSSF Community Day Europe 2025: August 28, 2025
You’re invited to…
- Join a Working Group or Project
- Chat with us on Slack
- Follow us on X, Mastodon, Bluesky, and LinkedIn
See You Next Month!
We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month!
Regards,
The OpenSSF Team