Community

Preserving Open Source Sustainability While Advancing Cybersecurity Compliance

The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for FOSS.

Blog EU Cyber Resilience Act Global Cyber Policy Community CRA Cyber Resilience Act Cybersecurity

OpenSSF’s 2026 Themes: A Community Roadmap for Securing the Future of Open Source

Each year, the Open Source Security Foundation (OpenSSF) focuses its content and engagement on the security topics that matter most to the open source community. In 2026, we are organizing content around quarterly themes that reflect community priorities, global policy developments, and real-world security needs.

Blog Community community events Content themes CRA Events Linux Foundation Open Source Security

AI, Software Development, Security, Tips, and the Future (Part 2)

This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development.

Blog AI AI security Community Linux Foundation Open Source Open Source Security Security

OpenSSF Newsletter – December 2025

Newsletter Annual Report Community FOSDEM gemara kubecon Newsletter Open Source SecurityCon security courses SLSA

OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum

As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open source community!

Blog 2025 AI security Annual Report Community community events New members Open Source Security OpenSSF Working Group and Project Spotlight Series

Recap: OpenSSF Community Day Korea 2025

OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.

Blog Community Events Linux Foundation Open Source Open Source Summit OpenSSF Community Day OSSSecurity

OpenSSF Newsletter – November 2025

Newsletter Community Cyber Week education Events Newsletter Open Source Security

KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever

At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo García Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.”

Blog Community Linux Foundation Open Source OpenSSF OSPSBaseline OSS Security Security

Tech Talk Recap: Simplifying DevSecOps in Air-Gapped Environments with Zarf

In the latest OpenSSF Tech Talk, we focused on a significant hurdle in software supply chain security: managing software delivery and upkeep within air-gapped and restricted network environments. You can now view the recording on the OpenSSF YouTube channel, and the presentation slides are accessible here.

Blog Community DevSecOps OpenSSF Tech Talk Zarf

Building Security in Open Source for Financial Services: OpenSSF at Open Source in Finance Forum (OSFF)

Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security. These talks demonstrate how our…

Blog AI AI security Community Linux Foundation Open Source Open Source Community Open Source Security OpenSSF OSPS Baseline