Skip to main content

📣 Submit your proposal: OpenSSF Community Day Korea

search
Tag

New members

Jun 26
Love0

OpenSSF Welcomes New Members and Presents Golden Egg Award

By Blog, Press Release

Foundation furthers mission to enhance the security of open source software 

DENVER – OpenSSF Community Day North America – June 26, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), welcomes six new members from leading technology and security companies. New general members include balena, Buildkite, Canonical, Trace Machina, and Triam Security and associate members include Erlang Ecosystem Foundation (EEF). The Foundation also presents the Golden Egg Award during OpenSSF Community Day NA 2025.

“We are thrilled to welcome six new member companies and honor existing contributors during our annual North America Community Day event this week,” said Steve Fernandez, General Manager at OpenSSF. “As companies expand their global footprint and depend more and more on interconnected technologies, it is vital we work together to advance open source security at every layer – from code to systems to people. With the support of our new members, we can share best practices, push for standards and ensure security is front and center in all development.”

Golden Egg Award Recipients

The OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for awardees’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. This year, we celebrate:

  • Ian Dunbar-Hall (Lockheed Martin) – for contributions to the bomctl and SBOMit projects
  • Hayden Blauzvern (Google) – for leadership in the Sigstore project
  • Marcela Melara (Intel) – for contributions to SLSA and leadership in the BEAR Working Group 
  • Yesenia Yser (Microsoft) – for work as a podcast co-host and leadership in the BEAR Working Group 
  • Zach Steindler (GitHub) – for leadership on the Technical Advisory Committee (TAC) and in the Securing Software Repositories Working Group
  • Munehiro “Muuhh” Ikeda – for work as an LF Japan Evangelist and helping to put together OpenSSF Community Day Japan
  • Adolfo “Puerco” Garcia Veytia – for support on Protobom, OpenVEX and Baseline projects

Their efforts have made a lasting impact on the open source security ecosystem, and we are deeply grateful for their continued contributions.

Project Updates

OpenSSF is supported by more than 3,156 technical contributors across OpenSSF projects – providing a vendor-neutral partner to affiliated open source foundations and projects. Recent project updates include:

  • Gittuf, a platform-agnostic Git security system, has advanced to an incubating project under OpenSSF. This milestone marks the maturity and adoption of the project.
  • OpenBao, a software solution to manage, store, and distribute sensitive data including secrets, certificates, and key, joined OpenSSF as a sandbox project
  • Open Source Project Security Baseline (OSPS Baseline), which provides a structured set of security requirements aligned with international cybersecurity frameworks, standards, and regulations, aiming to bolster the security posture of open source software projects, was released.
  • Model Signing released version 1.0 to secure the machine learning supply chain.
  • GUAC released version 1.0 to bring stability to the core functionality.
  • SLSA released version 1.1 RC2 to enhance the clarity and usability of the original specification.

Events and Gatherings

New and existing OpenSSF members are gathering this week in Denver at the annual OpenSSF Community Day NA 2025. Join the community at upcoming 2025 OpenSSF-hosted events, including OpenSSF Community Day India, OpenSSF Community Day Europe, OpenSSF Community Day Korea, and Open Source SecurityCon 2025.

Additional Resources

Supporting Quotes

“At balena, we understand that securing edge computing and IoT solutions is critical for all companies deploying connected devices. As developers focused on enabling reliable and secure operations with balenaCloud, we’re deeply committed to sharing our knowledge and expertise. We’re proud to join OpenSSF to contribute to open collaboration, believing that together we can build more mature security solutions that truly help companies protect their edge fleets and raise collective awareness across the open-source ecosystem.”

– Harald Fischer, Security Aspect Lead, balena

“Joining OpenSSF is a natural extension of Buildkite’s mission to empower teams with secure, scalable, and resilient software delivery. With Buildkite Package Registries, our customers get SLSA-compliant software provenance built in. There’s no complex setup or extra tooling required. We’ve done the heavy lifting so teams can securely publish trusted artifacts from Buildkite Pipelines with minimal effort. We’re excited to collaborate with the OpenSSF community to raise the bar for open source software supply chain security.”

– Ken Thompson, Vice President of Product Management, Buildkite

“Protecting the security of the open source ecosystem is not an easy feat, nor one that can be tackled by any single industry player. OpenSSF leads projects that are shaping this vast landscape. Canonical is proud to join OpenSSF on its mission to spearhead open source security across the entire market. For over 20 years we have delivered security-focused products and services across a broad spectrum of open source technologies. In today’s world, software security, reliability, and provenance is more important than ever. Together we will write the next chapter for open source security frameworks, processes and tools for the benefit of all users.”

– Luci Stanescu, Security Engineering Manager, Canonical

“Starting in 2024, the EEF’s Security WG focused community resources on improving our supply chain infrastructure and tooling to enable us to comply with present and upcoming cybersecurity laws and directives. This year we achieved OpenChain Certification (ISO/IEC 5230) for the core Erlang and Elixir libraries and tooling, and also became the default CVE Numbering Authority (CNA) for all open-source Erlang, Elixir and Gleam language packages. Joining the OpenSSF has been instrumental in connecting us to experts in the field and facilitating relationships with security practitioners in other open-source projects.” 

– Alistair Woodman, Board Chair, Erlang Ecosystem Foundation

“Trace Machina is a technology company, founded in September 2023, that builds infrastructure software for developers to go faster. Our current core product, NativeLink, is a build caching and remote execution platform that speeds up compute-heavy work. As a company we believe both in building our products open source whenever possible, and in supporting the open source ecosystem and community. We believe open source software is a crucial philosophy in technology, especially in the security space. We’re thrilled to join the OpenSSF as a member organization and to continue being active in this wonderful community.” 

– Tyrone Greenfield, Chief of Staff, Trace Machina

“Triam Security is proud to join the Open-Source Security Foundation to support its mission of strengthening the security posture of critical open source software. As container security vulnerabilities continue to pose significant risks to the software supply chain, our expertise in implementing SLSA Level 3/4 controls and building near-zero CVE solutions through CleanStart aligns perfectly with OpenSSF’s supply chain security initiatives. We look forward to collaborating with the community on advancing SLSA adoption, developing security best practices, improving vulnerability management processes, and promoting standards that enhance the security, transparency, and trust in the open-source ecosystem.”

– Biswajit De, CTO, Triam Security

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org

Media Contact
Natasha Woods
The Linux Foundation

PR@linuxfoundation.org 

Dec 09
Love0

In the Face of Mounting Regulatory Oversight, Honda and Guidewire Join Industry Leaders Securing Software Development at the Open Source Security Foundation (OpenSSF)

By Blog, Press Release

Growing Member Base and Launch of SOSS Community Day India Continue to Advance Open Source Software Security

Delhi, India – December 10, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation, helps individuals and organizations build secure software by providing guidance, tools, and best practices applicable to all software development. Today, the OpenSSF announced new members from the automotive and insurance technology industries at the first-of-its-kind Secure Open Source Software (SOSS) Community Day India. SOSS Community Day India brings together community members from across the security and open source ecosystem to share ideas and advance solutions for sustainably securing the software we all depend on, building a foundation for a more secure and innovative future.

New general member commitments come from Honda Motor Co., Ltd. and Guidewire Software, Inc. With support from these new organizations, the OpenSSF heads into the last month of 2024 with 126 members that together recognize the importance of backing, maintaining, and promoting secure open source software.

“We are excited to welcome our newest members and celebrate this milestone with the launch of the first SOSS Community Day in India,” said Arun Gupta, Vice President and General Manager of Developer Programs at Intel and OpenSSF Governing Board Chair. “India has an incredible open source ecosystem, and this event provides an opportunity to foster collaboration, address shared challenges, and ensure the security of the open source software powering the digital world. Together, we’re building a more secure and innovative future.”

SOSS Community Day India features a packed agenda with sessions led by top experts on topics like education, innovation, tooling, vulnerabilities, and threats. The event not only highlights the OpenSSF community’s ongoing work, but also provides an avenue to expand its reach through new partnerships and memberships, welcoming inquiries from potential collaborators. Participants will see how the OpenSSF community is driving improvements in open source software security and advancing its mission to create a more secure ecosystem for everyone.

General Member Quotes

Honda Motor Co., Ltd.

“Honda is pleased to be able to participate in the OpenSSF project as OSS security becomes increasingly important. In addition to contributing to the OpenSSF community, we look forward to working to strengthen OSS security across the industry in the future.” Yuichi Kusakabe, Chief Architect – IVI software PF/OSPO Tech Lead, Honda Motor Co., Ltd.

Guidewire Software, Inc.

“We’re excited to become a member of OpenSSF,” said Anoop Gopalakrishnan, vice president, Engineering, Guidewire. “This partnership reflects our continued commitment to advancing open source security and collaborating with like-minded innovators to create a more secure and resilient software ecosystem.” 

Additional Resources

  • View the complete list of OpenSSF members.
  • Explore the SOSS Community Day India program schedule to see the lineup of sessions and speakers.
  • To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us here.

###

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

About the Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com

Nov 26
Love0

OpenSSF Newsletter – November 2024

By Newsletter

Welcome to the November 2024 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.

The SOSS Fusion 2024 Playlist is Live!

Catch up on the highlights from SOSS Fusion 2024, The Conference for Secure Open Source Software with the full YouTube playlist. Explore keynotes, technical sessions, and workshops from industry leaders like Dan Lorenc and Cory Doctorow. Discover actionable insights and tools to secure open source software.

📺 Watch now: SOSS Fusion 2024 YouTube Playlist

Secure Your Software Supply Chain with Abhisek Datta

Join us for an insightful webinar, Policy, Security, and the Software Supply Chain, featuring security expert Abhisek Datta on November 27 from 2:00 PM – 3:00 PM. This event is hosted in the lead-up to SOSS Community Day, India, co-located with KubeCon + CloudNativeCon India 2024.

Mark your calendars and register today!

Join us in Delhi for SOSS Community Day India on December 10, 2024, co-located with KubeCon + CloudNativeCon India

Hosted by the OpenSSF, this event will bring together open source security enthusiasts to connect, collaborate, and share knowledge. Whether you’re an industry leader or a passionate technologist, this is your opportunity to dive deep into the latest open source security trends, learn from experts, and network with the vibrant open source community. Don’t miss out—register today and be part of the conversation on securing open source software!

Learn more

2025 Virtual Tech Talk Call for Proposal (CFP)

We are excited to invite proposals for the 2025 Virtual Tech Talk Series, providing a platform for in-depth discussions on critical initiatives to secure open source software within the OpenSSF community. These tech talks are designed to foster knowledge sharing, highlight innovative technical projects, and showcase efforts driving the future of open source security.

Have a topic or expertise you’d like to share? Submit your Call for Proposals (CFP) by December 13, 2024, to ensure ample time for review and planning. This is your chance to contribute, connect with peers, and inspire others in the field.

Submit your CFP

Case Study: Kusari’s Implementation of OpenSSF Tools and Services


Kusari has tackled software supply chain challenges like transparency and inefficiencies by integrating OpenSSF tools such as AllStar, Scorecard, and GUAC, while adopting open standards like SLSA and OpenVEX. These solutions have enhanced their ability to manage risks and contribute actively to the OpenSSF community.

Participating in open source communities allows us to shape the future of software supply chain technology,” says Parth Patel, Kusari’s Co-founder.

➡️ Read more about Kusari’s journey and the tools they use.

October was Cybersecurity Awareness Month!

CybersecurityMonth
This year, the focus was on collective action across sectors to enhance cybersecurity resilience. Organizations prioritized OSS governance, developers adopted secure coding practices, and academic institutions prepared the next generation of professionals—all contributing to safer digital ecosystems.

OpenSSF supported these efforts with resources like Developing Secure Software (LFD121) and events like SOSS Fusion, which fostered collaboration and knowledge sharing.

➡️ Read more about how we worked together to stay secure and informed.

OpenSSF Adds Minder as a Sandbox Project to Simplify the Integration and Use of Open Source Security Tools

Minder, contributed by Stacklok, simplifies the integration and use of open source security tools through a policy-based approach that spans the entire software development lifecycle. With features like noise reduction, auto-remediation, and integration with OpenSSF tools such as Sigstore, Minder empowers organizations to strengthen their security posture.

➡️ Explore Minder and see how it enhances open source security.

OpenSSF Expands Secure Development Course with Interactive Labs


The Open Source Security Foundation (OpenSSF) has enhanced its free “Developing Secure Software” course (LFD121) with hands-on labs and interactive activities. These new features provide developers with practical techniques to counter modern cyberattacks, improving engagement and knowledge retention.

With over 25,000 enrollments globally, this course offers a comprehensive learning experience covering secure design principles, implementation, and verification techniques. Developers can earn a completion certificate and access optional browser-based labs for an immersive learning experience.

➡️ Enroll in LFD121 and start building secure software today!

OpenSSF Welcomes New Members and Introduces New Initiatives at SOSS Community Day Japan

At SOSS Community Day Japan, OpenSSF celebrated its growing community with the addition of new members, including Arm, embraceable AI, Fujitsu, Ruby Central, and Trifecta Tech, furthering its mission to secure open source software.

In a recent press release, OpenSSF also announced new initiatives: Minder, a sandbox project simplifying security tool integration; bomctl, enhancing SBOM management; and Zarf, enabling secure software delivery in air-gapped environments.

➡️ Read more about our new members and initiatives.

 

Red Hat’s Collaboration with the OpenSSF and OSV.dev Yields Results: Red Hat Security Data Now Available in the OSV Format

RedHat'sCollaborationwithOpenSSF

Red Hat has partnered with OpenSSF and Google’s OSV.dev to make its security data available in the OSV format. This enhances transparency, accessibility, and integration with tools like OSV-Scanner, supporting better vulnerability management.

➡️ Learn more about this collaboration.

 

How We Can Learn from Open Source Software to Address the Challenges of AI

How_We_Can_Learn_from_Open_Source_Software_to_Address_the_Challenges_of_AI

AI models bring transformative potential but also risks like deepfakes, bias, and misuse. Drawing from open source principles, we can address these challenges by fostering collaboration across industry, academia, and government, securing the AI supply chain, and building “secure by default” models.

OpenSSF’s work with agencies like CISA offers a roadmap for leveraging open source security principles to improve the safety and reliability of open foundation models.

➡️ Read how open source lessons can shape a secure AI future.

 

The OpenSSF Armored Goose “Honk”: Advancing Open Source Security

ArmouredGooseHonk

The Open Source Security Foundation’s (OpenSSF) logo features “Honk,” an armored goose holding a shield, embodying the foundation’s mission to protect open source software. Representing adaptability, resilience, and teamwork, Honk symbolizes the innovative approaches OpenSSF employs to enhance security in the open source ecosystem.

Discover the story behind Honk and how OpenSSF champions collaboration and defense in open source security.

➡️ Learn more about Honk and join the mission.

In the News

Meet OpenSSF at These Upcoming Events!

Get Involved in OpenSSF

You’re invited to…

See You Next Month

We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month! 

Regards,

The OpenSSF Team

Oct 29
Love0

OpenSSF Welcomes New Members and Introduces New Initiatives at SOSS Community Day Japan

By Blog, Press Release

Growing Member Base and New Initiatives Continue to Advance Open Source Software Security

TOKYO, JAPAN – October 30, 2024 – The Open Source Security Foundation (OpenSSF), a global cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), is excited to announce new members from leading technology, security, and research firms. The OpenSSF is also thrilled to host Secure Open Source Software (SOSS) Community Day at Open Source Summit Japan 2024, bringing together community members, maintainers, and contributors from across the globe.

New general member commitments from Arm, embraceable AI and Fujitsu along with new associate member commitments from Ruby Central and Trifecta Tech further strengthen the support for open source software security. With backing from these new organizations, the OpenSSF heads into the final quarter of 2024 with a robust member base dedicated to promoting a strong, vibrant, and secure open source software ecosystem.

“The addition of our newest members to the OpenSSF highlights the growing global commitment to strengthening open source software security,” said Arun Gupta, Vice President and General Manager, Developer Programs at Intel and OpenSSF Governing Board Chair. “By joining forces, we can address security challenges, foster innovative solutions, and build a safer digital future for everyone. With the support of these new members, we are further enabled to drive forward our shared mission.”

To celebrate its growing community, the OpenSSF is hosting SOSS Community Day Japan at Open Source Summit Japan 2024. SOSS Community Day Japan is an opportunity for community members from across the open source security ecosystem to come together and share ideas. With an agenda packed with sessions led by industry experts, the event will cover critical topics like education, innovation, tooling, vulnerabilities, and threats, showcasing the ongoing efforts of the OpenSSF community to enhance open source software security.

General Member Quotes

Arm

“At Arm, we recognize that collaboration is key to advancing the security of the global software ecosystem. By joining OpenSSF, we look forward to contributing to its mission of raising the bar on open source software security and underscoring our dedication to fostering standardization across the industry to give developers the confidence and tools they need to innovate.”

— Andrew Wafaa, Senior Director and Fellow, Software Communities, Arm

embraceable AI

“Security in the realm of AI is not just a feature; it’s the foundation of trust. As we empower enterprises with intelligent services, we prioritize safeguarding data and ensuring privacy, so our clients can innovate fearlessly.”  

— Dr.-Ing. Christian Gilcher, General Manager, embraceable AI 

Fujitsu

“Fujitsu is proud to have achieved conformance with OpenChain ISO/IEC 18974, demonstrating our commitment to open source compliance and excellence. Our next step is to join the OpenSSF. We take our dedication a step further to enhance the security and trustworthiness of the global software supply chain. Open source software is a key driver of innovation, and we look forward to collaborating with the OpenSSF community to ensure the resilience and transparency of the technologies shaping our future.”

— Teppei Asaba, Senior Director, Mission Critical System Business Unit, Fujitsu Limited

Associate Member Quotes

Ruby Central

“Joining OpenSSF aligns perfectly with Ruby Central’s commitment to advancing the security of open source ecosystems. By collaborating with OpenSSF and its community of forward-thinking organizations, we’re excited to bring our expertise from the Ruby ecosystem and work together on solutions that enhance the security and sustainability of open source software for all developers.”

— Marty Haught, Interim Open Source Lead, Ruby Central

Trifecta Tech

“We are excited to join the OpenSSF as an associate member as we continue to actively contribute to the security of the open source software we all rely on. Trifecta Tech Foundation is a non-profit working on safer software for the underlying infrastructure of the Internet and vital systems for water, energy, and communication. We develop and maintain open source software and contribute to open standards for these essential systems. Our projects include memory-safe alternatives to critical pieces of software like sudo, the Network Time Protocol, and zlib.”

— Erik Jonkers, Chair, Trifecta Tech Foundation

New Initiatives 

In addition to welcoming new members, OpenSSF is excited to announce several new initiatives aimed at bolstering open source software security.

Minder: contributed by Stacklok, is now a sandbox project within OpenSSF. Minder simplifies the integration and use of powerful security tools like OSV, OpenSSF Scorecard, and Sigstore, allowing developers and security teams to establish policies on code repositories and dependencies, reducing risk before and after code is merged.

bomctl: A format-agnostic Software Bill of Materials (SBOM) tooling project introduced in September 2024, aimed at enhancing SBOM generation and management across various formats.

Zarf: created by Defense Unicorns, launched in July 2024, Zarf is a free, open source tool enabling continuous software delivery on systems disconnected from the internet, facilitating secure software distribution in air-gapped environments.

These new initiatives demonstrate the OpenSSF’s continued dedication to fostering innovation and providing tools to enhance open source software security across diverse use cases.

Additional Resources

  • View the complete list of OpenSSF members.
  • To learn more about the OpenSSF community, including information about membership, contribution, project participation, and more, contact us.

###

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit openssf.org.

About the Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, Zephyr, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page. Linux is a registered trademark of Linus Torvalds.

Media Contact
Jennifer Tanner
Look Left Marketing
openssf@lookleftmarketing.com

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved