Guest Blog

Case Study: How LFX Insights and OSPS Baseline Validated GUAC’s Security in Under an Hour

Tools: GUAC, OSPS Baseline, LFX Insights
Challenge: Demonstrating strong security posture quickly and credibly to stakeholders
Solution: Leveraging Linux Foundation Insights (LFX Insights) and the Open Source Security Foundation (OpenSSF) Open Source Project Security Baseline (OSPS Baseline) for instant, standards-aligned validation
Result: Saved significant time in verifying security practices, completing an independent standards-based assessment in…

Securing AI: The Next Cybersecurity Battleground

The AI wave is here, and it’s only getting bigger. According to a recent report from McKinsey, “over the next three years, 92 percent of companies plan to increase their AI investments.” As this AI wave washes over almost every industry and is integrated deeply and extensively into critical and non-critical operations, it ushers in…

From Beginner to Builder: Understanding OpenSSF Community and Working Groups

The Open Source Security Foundation (OpenSSF) serves as the global hub for collaborative work on securing the software supply chain. Whether you’re an open-source maintainer, a security engineer, a student, or someone passionate about public digital infrastructure, OpenSSF invites you to participate. There are no gatekeepers, no matter where you work. This community is open,…

Speaking, Volunteering, Parenting, and Exploring Nature — My Week at OSS Summit NA 2025

Earlier this summer, I, Eman Abu Ishgair, had the privilege of attending the Open Source Summit North America 2025 in Denver — one of the largest gatherings of open source contributors, maintainers, researchers, and advocates. Even more exciting: I participated as a speaker, volunteer, and a new community member during the OpenSSF Community Day, the co-located…

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not isolated events; they are harbingers of a new generation of CI/CD-targeted supply chain attacks.

Announcing the Release of “The Memory Safety Continuum”

The OpenSSF's Memory Safety SIG has just released "The Memory Safety Continuum". It was written with software developers, organizations, and security professionals in mind and it provides practical insights and strategies for enhancing software security wherever you are on the memory safety spectrum today.

2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year

Each year, the Open Source Security Foundation (OpenSSF) is committed to securing the software supply chain through a year-long focus on key themes. Our content calendar aligns with critical security topics, industry events, and cybersecurity awareness initiatives. As we move through 2025, here’s how OpenSSF is strengthening software supply chain security—including what you need to…

Predictions for Open Source Security in 2025: AI, State Actors, and Supply Chains

Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. Because it relies on a backbone of volunteers, its vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor attack highlights just how fragile…

Accelerating OpenSSF Adoption: Unlocking Scorecard Insights with a Centralized Dashboard

Open source components are consumed by over 90% of modern applications. Their omnipresence stems from their cost-effectiveness, flexibility, and collaborative nature, making them a cornerstone of contemporary software development. However, this widespread use also makes them a critical weak link in software security. Many open source projects are maintained by small teams or individual contributors…