OpenSSF
OpenSSF at FOSDEM 2026: From Policy to Practical Security
FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for two days of technical talks, hallway discussions, and collaboration.
Signal in the Noise: An Industry-Wide Perspective on the State of VEX
Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race.
Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects
The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve over time.
Catching Malicious Package Releases Using a Transparency Log
Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.
What’s in the SOSS? Podcast #47 – S2E24 Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos
NYU professor Justin Cappos joins the OpenSSF podcast to discuss why software supply chain security is missing from most university curricula -- and how hands-on, open source-first education can change that.
OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum
As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open source community!
What’s in the SOSS? Podcast #46 – S2E23 Securing the Future: AI, Open Source, and Collaboration with Jay White (Microsoft)
Jay White from Microsoft joins What’s in the SOSS to talk about his journey into open source, AI and ML security, model signing, and the importance of community collaboration. Hear how standardization, transparency, and community involvement can strengthen AI supply chain security.