Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.
TL;DR:
Submit Your Proposal: OpenSSF Community Day Korea
The Call for Proposals for OpenSSF Community Day Korea is closing Aug 3! If you have insights, tools, research, or community stories to share around open source software security, now is the time to submit your talk. The event takes place on November 4, 2025, in Seoul, South Korea, and brings together developers, researchers, and security professionals from across the open source and security ecosystems.
Whether your focus is on AI and security, vulnerability management, education, or tooling, we welcome submissions in a variety of formats, from quick 5-minute talks to extended 20-minute sessions. Deadline to submit: August 3, 2025, at 23:59 KST / 06:59 PST.
Share your expertise and help shape the future of open source security. We look forward to seeing you in Seoul!
Blogs:
New: Cyber Resilience Act (CRA) Brief Guide for OSS Developers
In our recent blog post, David A. Wheeler introduces the Cyber Resilience Act (CRA) Brief Guide for OSS Developers, a practical overview created by the OpenSSF to help open source developers understand and prepare for the EU’s new cybersecurity regulation. Although the CRA officially applies only within the EU, its global impact is significant due to the international nature of software distribution. The blog clarifies when the CRA does or does not apply to OSS, outlines potential risks for non-compliance, and highlights available resources including free training and community support to help developers build secure, compliant software. Read the full blog.
Recap: OpenSSF Community Day Japan 2025
OpenSSF Community Day Japan 2025 brought together developers, researchers, government, and industry leaders in Tokyo to advance open source software security. The event featured keynotes, technical sessions, and a live incident response exercise focused on secure development, tool adoption, and supply chain integrity.
Read the full blog for session videos, slides, and key takeaways.
Recap: OpenSSF Community Day North America 2025
OpenSSF Community Day NA 2025 brought together a diverse open source security community in Denver for a packed day of insights, tools, and collaboration. From real-world deployments of SBOM, Sigstore, and GUAC to securing AI pipelines and exploring the new AStRA control plane framework, sessions moved beyond awareness into action.Â
Read the full blog for recordings, slides, key takeaways and ways to get involved.
On-Demand Webinar: Cybersecurity Skills, Simplified
The on-demand webinar Cybersecurity Skills, Simplified: A Framework That Works brings together experts from IBM, Intel, Linux Foundation Education, and OpenSSF to address a critical challenge: making cybersecurity a shared responsibility across all roles. The panel introduces the Cybersecurity Skills Framework, an open, flexible tool that helps teams identify, map, and improve security skills organization-wide. With insights on setting security OKRs, scaling training, and creating accessible learning pathways, this webinar offers practical guidance for anyone looking to strengthen their team’s security posture. Learn more.
What’s in the SOSS? An OpenSSF Podcast:
#35 – S2E12 Building India’s Open Source Security Community: From Developer Nation to Security Champions
In this episode of What’s in the SOSS?, host CRob sits down with Ram Iyengar, OpenSSF’s India community representative, to explore the evolving landscape of open source security in India. Ram shares his journey from professor to evangelist, the launch of LF India, and the challenges of inspiring a security-first mindset in one of the world’s largest developer populations. The episode covers everything from building local community momentum to hosting regional events and video series, offering listeners both practical insights and a personal look at the passionate effort behind India’s growing open source security movement.
#34 – S2E11 From Lockpicking to Leadership: Tabatha DiDomenico on Security, Open Source, and Building Community
In this episode of What’s in the SOSS? host Yesenia Yser sits down with Tabatha DiDomenico, open source security engineer, community leader, and president of BSides Orlando for a compelling conversation about her unconventional path into open source, the power of community, and the often-overlooked impact of DevRel. From her first experience with Netscape to shaping security strategy at G-Research and OpenSSF, Tabatha reflects on how curiosity, volunteering, and intentional advocacy have fueled her journey. Whether you are new to open source or a longtime contributor, this episode offers heartfelt insights, practical advice, and a powerful reminder: community is everything.
Education:
The Open Source Security Foundation (OpenSSF), together with Linux Foundation Education, provides a selection of free e-learning courses to help the open source community build stronger software security expertise. Learners can earn digital badges by completing offerings such as:
These are just a few of the many courses available for developers, managers, and decision-makers aiming to integrate security throughout the software development lifecycle.
News from OpenSSF Community Meetings and Projects:
- The Security-Focused Guide for AI Code Assistant Instructions that is being developed by the Best practices and the AI/ML WGs is now in final draft, under PR here.
- Zarf released version v0.58.0 including image push & pull and SDK enhancements.
- OpenBao recently released v2.3.1 with support for namespaces, CEL for JWT authentication and PKI issuance, and SSH multi-issuer support. The community is making progress on per-namespace sealing, HSM/KMS backed key material, and horizontal scalability, and just kicked off a UI working group.
In the News:
- SC Media: Application Security Weekly Podcast, Getting Started with Security Basics on the Way to Finding a Specialization – ASW #339
- Techstrong.ai, Navigating Software Supply Chain Security Challenges with Christopher (CRob) Robinson | Open Source Summit NA 2025
- Techstrong.ai, Techstrong TV June 30, 2025
- SiliconANGLE, Code, community and the future: 13 takeaways from Open Source Summit NA
- SiliconANGLE, How open-source developers can meet global cybersecurity laws — before it’s too late
- Infosecurity Magazine, NSA and CISA Urge Adoption of Memory Safe Languages for Safety
- theCUBE, CRob, OpenSSF | Open Source Summit 2025
- Linux Insider, Is a Security Baseline Enough for Open-Source Software?
Meet OpenSSF at These Upcoming Events!
Join us at OpenSSF Community Day Events in India, Japan, Korea and Europe!
OpenSSF Community Days bring together security and open source experts to drive innovation in software security.
Connect with the OpenSSF Community at these key events:
Ways to Participate:
There are a number of ways for individuals and organizations to participate in OpenSSF. Learn more here.
You’re invited to…
See You Next Month!Â
We want to get you the information you most want to see in your inbox. Missed our previous newsletters? Read here! Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month!Â
Regards,
The OpenSSF Team
