Skip to main content

Register for Open Source SecurityCon 2025

search
Tag

Golden Egg Award

Aug 28
Love0

OpenSSF Celebrates Global Momentum, AI/ML Security Initiatives and Golden Egg Award Winners at Community Day Europe

By Blog, Press Release

Foundation honors community achievements and strategic efforts to secure ML pipeline during community event in Amsterdam

AMSTERDAM – OpenSSF Community Day Europe – August 28, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), presents the Golden Egg Award during OpenSSF Community Day Europe and celebrates notable momentum across the security industry. The Foundation’s milestones include achievements in AI/ML security, policy education, and global community engagement.

Golden Egg Award Recipients

OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for recipients’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. This year, we celebrate:

  • Ben Cotton (Kusari) – for work on GUAC and the Open Source Project Security Baseline (OSPS Baseline)
  • Kairo de Araujo (Eclipse Foundation) – for maintaining RSTUF and participation in the Securing Software Repositories Working Group
  • Katherine Druckman (Independent) – for dedication to community growth and developer relations (DevRel)
  • Eddie Knight (Sonatype) – for advancing OSPS Baseline and creating project courses that strengthen open source security education
  • Georg Kunz (Ericsson) – for leadership and contributions within the Best Practices Working Group

Achievements and Milestones

OpenSSF is supported by more than 118 member organizations and 1,519 technical contributors across OpenSSF projects, serving as a vendor-neutral partner to affiliated open source foundations and projects. As securing the global technology infrastructure continues to get more complex, OpenSSF will remain a trusted home to further the reliability, security, and universal trust of open source software.

Over the past quarter, OpenSSF has made several key achievements in its mission to sustainably secure open source software, including:

  • The release of a whitepaper by the AI/ML Security Working Group on securing the AI lifecycle, which maps OWASP ML Top 10 threats to MLOps stages and highlights tools like Sigstore and OpenSSF Scorecard.
  • Success at the AI Cyber Challenge (AIxCC) at DEF CON. OpenSSF participated as a challenge advisor and will be working with DARPA and ARPA-H to open source the winning systems, infrastructure, and data from the competition.
  • Co-launching the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families.
  • Publishing the Cyber Resilience Act (CRA) Brief Guide for OSS Developers, a practical overview to help open source maintainers and contributors understand when CRA requirements apply, what obligations exist, and how to prepare — paired with the free express course Understanding the EU Cyber Resilience Act (CRA) (LFEL1001) for those who want deeper learning and a digital badge.
  • Co-launching the Global Cyber Policy Working Group to collaborate on global cybersecurity-related legislation, frameworks, and standards which facilitate conformance to regulatory requirements by open source projects and their consumers; with initial focus on EU’s CRA legislation.

“Securing the AI and ML landscape requires a coordinated approach across the entire pipeline,” said Steve Fernandez, General Manager at OpenSSF. “Through our MLSecOps initiatives with OpenSSF members and policy education with our communities, we’re giving practitioners and their organizations actionable guidance to identify vulnerabilities, understand their role in the global regulatory ecosystem, and build a tapestry of trust from data to deployment.”

Global Community Engagement

OpenSSF continues to expand its influence on the international stage. OpenSSF Community Days drew record attendance globally, including standing-room-only participation in India, strong engagement in Japan, and sustained presence in North America.

Supporting Quotes

“As AI and ML adoption grows, so do the security risks. Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security is a practical guide that bridges the gap between ML innovation and security using open-source DevOps tools. It’s a valuable resource for anyone building and securing AI/ML pipelines.” Sarah Evans, Distinguished Engineer, Dell Technologies 

“The whitepaper distills our collective expertise into a pragmatic roadmap, pairing open source controls with ML-security threats. Collaborating through the AI/ML Security WG proved that open, vendor-neutral teamwork can significantly accelerate the adoption of secure AI systems.” Andrey Shorov, Senior Security Technology Specialist at Product Security, Ericsson

“The Cybersecurity Skills Framework is more than a checklist — it’s a practical roadmap for embedding security into every layer of enterprise readiness, open source development, and workforce culture across international borders. By aligning skills with real-world global threats, it empowers teams worldwide to build secure software from the start.” Jamie Thomas, Chief Client Innovation Officer and the Enterprise Security Executive, IBM 

“Open source is global by design, and so are the challenges we face with new regulations like the EU Cyber Resilience Act,” said Christopher “CRob” Robinson, Chief Security Architect, OpenSSF. “The Global Cyber Policy Working Group helps policymakers understand how open source is built and supports maintainers and manufacturers as they prepare for compliance.”

“The OpenSSF’s brief guide to the Cyber Resilience Act is a critical resource for the open source community, helping developers and contributors understand how the new EU law applies to their projects. It clarifies legal obligations and provides a roadmap for proactively enhancing their code’s security.” Dave Russo, Senior Principal Program Manager, Red Hat Product Security

Events and Gatherings

New and existing OpenSSF members are gathering this week in Amsterdam at the annual OpenSSF Community Day Europe. 

OpenSSF will continue its engagement across Europe this fall with participation in the Linux Foundation Europe Member Summit (October 28) and the Linux Foundation Europe Roadshow (October 29), both in Ghent, Belgium. At the Roadshow, OpenSSF will sponsor and host the CRA in Practice: Secure Maintenance track, building on last year’s standing-room-only CRA workshop. On October 30, OpenSSF will co-host the European Open Source Security Forum with CEPS in Brussels, bringing together open source leaders, European policymakers, and security experts to collaborate on the future of open source security policy. A landing page for this event will be available soon, check the OpenSSF events calendar for updates and registration details.

Additional Resources

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org. 

Media Contact
Grace Lucier
The Linux Foundation

pr@linuxfoundation.org 

Jun 26
Love0

OpenSSF Welcomes New Members and Presents Golden Egg Award

By Blog, Press Release

Foundation furthers mission to enhance the security of open source software 

DENVER – OpenSSF Community Day North America – June 26, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), welcomes six new members from leading technology and security companies. New general members include balena, Buildkite, Canonical, Trace Machina, and Triam Security and associate members include Erlang Ecosystem Foundation (EEF). The Foundation also presents the Golden Egg Award during OpenSSF Community Day NA 2025.

“We are thrilled to welcome six new member companies and honor existing contributors during our annual North America Community Day event this week,” said Steve Fernandez, General Manager at OpenSSF. “As companies expand their global footprint and depend more and more on interconnected technologies, it is vital we work together to advance open source security at every layer – from code to systems to people. With the support of our new members, we can share best practices, push for standards and ensure security is front and center in all development.”

Golden Egg Award Recipients

The OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for awardees’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. This year, we celebrate:

  • Ian Dunbar-Hall (Lockheed Martin) – for contributions to the bomctl and SBOMit projects
  • Hayden Blauzvern (Google) – for leadership in the Sigstore project
  • Marcela Melara (Intel) – for contributions to SLSA and leadership in the BEAR Working Group 
  • Yesenia Yser (Microsoft) – for work as a podcast co-host and leadership in the BEAR Working Group 
  • Zach Steindler (GitHub) – for leadership on the Technical Advisory Committee (TAC) and in the Securing Software Repositories Working Group
  • Munehiro “Muuhh” Ikeda – for work as an LF Japan Evangelist and helping to put together OpenSSF Community Day Japan
  • Adolfo “Puerco” Garcia Veytia – for support on Protobom, OpenVEX and Baseline projects

Their efforts have made a lasting impact on the open source security ecosystem, and we are deeply grateful for their continued contributions.

Project Updates

OpenSSF is supported by more than 3,156 technical contributors across OpenSSF projects – providing a vendor-neutral partner to affiliated open source foundations and projects. Recent project updates include:

  • Gittuf, a platform-agnostic Git security system, has advanced to an incubating project under OpenSSF. This milestone marks the maturity and adoption of the project.
  • OpenBao, a software solution to manage, store, and distribute sensitive data including secrets, certificates, and key, joined OpenSSF as a sandbox project
  • Open Source Project Security Baseline (OSPS Baseline), which provides a structured set of security requirements aligned with international cybersecurity frameworks, standards, and regulations, aiming to bolster the security posture of open source software projects, was released.
  • Model Signing released version 1.0 to secure the machine learning supply chain.
  • GUAC released version 1.0 to bring stability to the core functionality.
  • SLSA released version 1.1 RC2 to enhance the clarity and usability of the original specification.

Events and Gatherings

New and existing OpenSSF members are gathering this week in Denver at the annual OpenSSF Community Day NA 2025. Join the community at upcoming 2025 OpenSSF-hosted events, including OpenSSF Community Day India, OpenSSF Community Day Europe, OpenSSF Community Day Korea, and Open Source SecurityCon 2025.

Additional Resources

Supporting Quotes

“At balena, we understand that securing edge computing and IoT solutions is critical for all companies deploying connected devices. As developers focused on enabling reliable and secure operations with balenaCloud, we’re deeply committed to sharing our knowledge and expertise. We’re proud to join OpenSSF to contribute to open collaboration, believing that together we can build more mature security solutions that truly help companies protect their edge fleets and raise collective awareness across the open-source ecosystem.”

– Harald Fischer, Security Aspect Lead, balena

“Joining OpenSSF is a natural extension of Buildkite’s mission to empower teams with secure, scalable, and resilient software delivery. With Buildkite Package Registries, our customers get SLSA-compliant software provenance built in. There’s no complex setup or extra tooling required. We’ve done the heavy lifting so teams can securely publish trusted artifacts from Buildkite Pipelines with minimal effort. We’re excited to collaborate with the OpenSSF community to raise the bar for open source software supply chain security.”

– Ken Thompson, Vice President of Product Management, Buildkite

“Protecting the security of the open source ecosystem is not an easy feat, nor one that can be tackled by any single industry player. OpenSSF leads projects that are shaping this vast landscape. Canonical is proud to join OpenSSF on its mission to spearhead open source security across the entire market. For over 20 years we have delivered security-focused products and services across a broad spectrum of open source technologies. In today’s world, software security, reliability, and provenance is more important than ever. Together we will write the next chapter for open source security frameworks, processes and tools for the benefit of all users.”

– Luci Stanescu, Security Engineering Manager, Canonical

“Starting in 2024, the EEF’s Security WG focused community resources on improving our supply chain infrastructure and tooling to enable us to comply with present and upcoming cybersecurity laws and directives. This year we achieved OpenChain Certification (ISO/IEC 5230) for the core Erlang and Elixir libraries and tooling, and also became the default CVE Numbering Authority (CNA) for all open-source Erlang, Elixir and Gleam language packages. Joining the OpenSSF has been instrumental in connecting us to experts in the field and facilitating relationships with security practitioners in other open-source projects.” 

– Alistair Woodman, Board Chair, Erlang Ecosystem Foundation

“Trace Machina is a technology company, founded in September 2023, that builds infrastructure software for developers to go faster. Our current core product, NativeLink, is a build caching and remote execution platform that speeds up compute-heavy work. As a company we believe both in building our products open source whenever possible, and in supporting the open source ecosystem and community. We believe open source software is a crucial philosophy in technology, especially in the security space. We’re thrilled to join the OpenSSF as a member organization and to continue being active in this wonderful community.” 

– Tyrone Greenfield, Chief of Staff, Trace Machina

“Triam Security is proud to join the Open-Source Security Foundation to support its mission of strengthening the security posture of critical open source software. As container security vulnerabilities continue to pose significant risks to the software supply chain, our expertise in implementing SLSA Level 3/4 controls and building near-zero CVE solutions through CleanStart aligns perfectly with OpenSSF’s supply chain security initiatives. We look forward to collaborating with the community on advancing SLSA adoption, developing security best practices, improving vulnerability management processes, and promoting standards that enhance the security, transparency, and trust in the open-source ecosystem.”

– Biswajit De, CTO, Triam Security

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org. 

Media Contact
Natasha Woods
The Linux Foundation

PR@linuxfoundation.orgÂ