Skip to main content

đź“Ł Submit your proposal: OpenSSF Community Days: Europe, Korea | Open Source SecurityCon

search
Tag

OpenSource

Mar 25
Love0

OpenSSF Newsletter – March 2025

By Newsletter

Welcome to the March 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.

TL;DR

This month, the OpenSSF invites you to participate in global Community Days and explore new initiatives to strengthen open source security throughout 2025. Tune in to the latest podcast episode highlighting key insights from leaders at Intel and GitHub, learn about the recent Policy Summit in Washington, D.C., and enroll in the new, free cybersecurity course designed specifically for software development managers. Plus, stay informed about exciting project updates and upcoming community events!

Join us at OpenSSF Community Day Events in North America, India, Japan, and Europe!

OpenSSF Community Days bring together security and open source experts to drive innovation in software security.

âś… Secure your spot – Register today!

âś… Have insights to share? Submit to speak before CFP closes!

âś… Support the mission – Become a sponsor!

Join us in shaping a safer and more secure digital world. 

2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year

Content_theme

Cybersecurity is an ongoing challenge, and OpenSSF is leading efforts to strengthen open source security in 2025. This blog outlines the key content themes for the year, from strengthening OSS ecosystems to enhancing security tools and addressing vulnerabilities. Each month, OpenSSF will explore these critical topics through events, expert discussions, and blog contributions. Stay updated on these discussions and learn how you can contribute to OpenSSF’s mission.

What’s in the SOSS? An OpenSSF Podcast is back for Season 2!

In Season 2’s first episode, CRob chats with Arun Gupta (Intel, OpenSSF Governing Board Chair) and Zach Steindler (GitHub, OpenSSF TAC Chair) about lessons learned in open source security from 2024 and what’s ahead for 2025.

  • How the Mission, Vision, Values, Strategy, and Roadmap (MVVSR) framework is shaping OpenSSF’s focus
  • The biggest security challenges faced in 2024, from supply chain attacks to SBOM adoption
  • Exciting initiatives for 2025—including making security more accessible to open source maintainers

Join the conversation and get insights into the future of open source security. Listen now and stay tuned as we announce our new co-host!

OpenSSF Hosts 2025 Policy Summit in Washington, D.C. to Tackle Open Source Security Challenges

The OpenSSF successfully hosted the 2025 Policy Summit in Washington, D.C., bringing together industry leaders and security experts to address open source security challenges. The event featured keynotes, panel discussions, and breakout sessions focused on AI security, software supply chain governance, and policy recommendations for secure OSS consumption. 

“The OpenSSF is committed to tackling the most pressing security challenges facing the consumption of open source software in critical infrastructure and beyond ” said Steve Fernandez, General Manager, OpenSSF. 

Discussions highlighted the importance of industry-led security initiatives, collaboration with policymakers, and the need for standardized security frameworks. Following the summit, OpenSSF will refine security guidance and best practices to enhance open source software security globally. Learn more about the event, key takeaways, OpenSSF’s Vision, and how to get involved in shaping open source security policy. 

NEW FREE COURSE: Security for Software Development Managers (LFD125)

Security for Software Development Managers course

The OpenSSF and Linux Foundation Education have launched a new, free cybersecurity e-Learning course, Security for Software Development Managers (LFD125). Designed for those who manage or aspire to manage developer teams, this course covers critical security concepts needed to build resilient applications. Participants will learn how to identify vulnerabilities, implement proactive security measures, and guide their teams in creating secure software. Security for Software Development Managers (LFD125) is a self-paced, 2-hour course that includes access to a discussion forum for engagement with experts and peers. Upon successful completion, participants receive a digital badge and certificate. 

Enroll today and strengthen your leadership skills in software security!

News from OpenSSF Community Meetings and Projects

In the News

Meet OpenSSF at These Upcoming Events!

You’re invited to…

See You Next Month! 

We want to get you the information you most want to see in your inbox. Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month! 

Regards,

The OpenSSF Team

Jan 29
Love0

Alpha-Omega 2024 Annual Report

By Alpha-Omega, Blog

This post originally appeared on Alpha-Omega and has been revised for the OpenSSF.

By Alpha-Omega

We’re pleased to share our 2024 annual report. In it we try to convey the great progress in securing open source and our joy in seeing the increased security across so many open source ecosystems.

Open source software isn’t just another piece of technology—it’s the digital bedrock that supports everything from major government operations to the smartphone apps we use every day. Its strength lies in the global network of passionate, too-often-unpaid volunteers who pour their time and expertise into writing and maintaining open source projects. Yet, as we rely on these individuals to secure vital infrastructure, we must acknowledge the immense responsibility they carry and ensure we’re not merely shifting more unpaid work onto their shoulders. By investing in resources, offering support, and creating pathways for sustainable contribution, we can protect and strengthen open source software without placing undue burdens on the very people who make it possible.

To everyone who created, maintained, or contributed to an open source project in 2024, thank you.

In 2024, Alpha-Omega issued nearly $6 million in grants to improve security in key open source projects. Notably we:

  • Helped staff security teams at 10 of the most important open source organizations, such as the Python Software Foundation, OpenJS, and RubyGems.
  • Provided grants to harden critical infrastructure, such as the Linux kernel, and Homebrew.
  • Paid for security audits of foundational technologies.
  • Experimented with scaled approaches to finding and fixing vulnerabilities and supported Rust implementations of TLS and the AV1 codec.
  • Hosted four roundtable discussions with grant recipients to cross-pollinate expertise and to shape strategies for 2025.

Alpha-Omega is funded by generous and significant donations from Amazon Web Services (AWS), Google, and Microsoft. These grants made it possible to address longstanding security challenges, improve processes, and harden infrastructure within many of the world’s most important open source projects and ecosystems. More importantly, we’ve been able to establish a sustainable culture of security within the communities we work with.

The combination of Alpha-Omega’s grants and the energy, leadership, and commitment of the recipients is a formula that worked and we will continue applying it in 2025.

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved
Close Menu