Register for the free course: Secure AI/ML-Driven Software Development (LFEL1012)

search
Tag

OpenSSF

Jul 23
Love0

Case Study: Google Secures Machine Learning Models with sigstore

By Blog, Case Studies

As machine learning (ML) evolves at lightning speed, so do the threats. The rise of large models like LLMs has accelerated innovation—but also introduced serious vulnerabilities. Data poisoning, model tampering, and unverifiable origins are not theoretical—they’re real risks that impact the entire ML supply chain.

Model hubs, platforms for data scientists to share models and datasets, recognized the challenge: How could they ensure the models hosted on their platform were authentic and safe?

That’s where Google’s Open Source Security Team (GOSST), sigstore, and the Open Source Security Foundation (OpenSSF) stepped in. Together, we created the OpenSSF Model Signing (OMS) specification, an industry standard for signing AI models. We then integrated OMS into major model hubs such as NVIDIA’s NGC and Google’s Kaggle.

The Solution: Seamless Model Signing Built into Model Hubs

We partnered with Kaggle to experiment with how to make the model signing easier without disrupting publishing UX.

“The simplest solution to securing models is: sign the model when you train it and verify it every time you use it.”
 — Mihai Maruseac, Staff Software Engineer, Google

Key features of the prototyped implementation:

  • Model authors could use the same model hub upload tools and processes to upload their models, but, behind the scenes, these models would be automatically signed during the upload process.
  • Each model is signed using the uploader’s identity on the model hub, via OpenID Connect (OIDC). Model hubs should become OIDC providers to ensure that they can sign the model during upload.
  • Model hubs use sigstore to obtain a short-lived certificate, sign the model, and store the signature alongside the model.
  • Verification is automatic and transparent—the model hub verifies the signature and displays its status. A “signed” status confirms the model’s authenticity.
  • Users can independently verify signatures by using a notebook hosted on the model hub, or downloading the model and the signature and verifying using the `model_signing` CLI.
  • Model repositories implement access controls (ACLs) to ensure that only authorized users can sign on behalf of specific organizations.
  • All signing events are logged in the sigstore transparency log, providing a complete audit trail.
  • Future plans include GUAC integration for generating AI-BOMs and inspecting ML supply chains for incident response and transparency.

The process dramatically improves trust and provenance while remaining invisible to most users.

The Result: A Blueprint for Securing AI Models

With sigstore integrated, the experiment with Kaggle proved that model hubs can offer a verified ML ecosystem. Users know that what they download hasn’t been tampered with or misattributed. Each model is cryptographically signed and tied to the author’s identity—no more guessing whether a model came from “Meta” or a spoofed account.

“If we reach a state where all claims about ML systems and metadata are tamperproof, tied to identity, and verifiable by the tools ML developers already use—we can inspect the ML supply chain immediately in case of incidents.”
 — Mihai Maruseac, Staff Software Engineer, Google

This solution serves as a model for the broader ecosystem. Platforms hosting datasets and models can adopt similar practices using open tools like sigstore, backed by community-driven standards through OpenSSF.

Get Involved & Learn More

Join the OpenSSF Community
Be part of the movement to secure open source software, including AI/ML systems. → Join the AI/ML Security WG

Explore sigstore
See how sigstore enables secure, transparent signing for software and models. → Visit sigstore

Learn About Google’s Open Source Security Efforts
Discover how Google is advancing supply chain security in open source and machine learning. → Google Open Source Security Team

Learn More about Kaggle
Explore how Kaggle is evolving into a secure hub for trustworthy ML models. → Visit Kaggle

Watch the Talk
Title: Taming the Wild West of ML: Practical Model Signing With sigstore on Kaggle
Speaker: Mihai Maruseac, Google
Event: OpenSSF Community Day North America – June 26, 2025
Watch the talk → YouTube

Jul 15
Love0

What’s in the SOSS? Podcast #35 – S2E12 Building India’s Open Source Security Community: From Developer Nation to Security Champions

By Podcast

Summary

Join CRob as he sits down with Ram Iyengar, OpenSSF’s India community representative, to explore the unique challenges and opportunities of promoting open source security in one of the world’s largest developer communities. Ram shares his journey from computer science professor to developer evangelist, discusses the launch of LF India, and reveals why getting developers excited about security tools remains one of his biggest challenges. From spicy food preferences to Star Trek vs. Star Wars debates, this episode offers both insights into global open source security efforts and a glimpse into the passionate community builders making it happen.

Conversation Highlights

  • Meet Ram Iyengar
  • Origin Story – From Professor to Evangelist
  • The Power of Developer Education
  • LF India Launch & Community Building
  • Getting Involved & Video Series
  • Rapid Fire
  • The Security Challenge in India
  • Call to Action & Wrap-up

Transcript

CRob (00:21)
Welcome, welcome, welcome to What’s in the SOSS, the OpenSSF’s podcast where I talk to amazing people that are doing incredibly interesting things with upstream open source security. Today, we have a real friend of the show, one of my teammates, Ram, who helps represent our India community. And I would like to hear Ram, could you maybe give us a little bit of an introduction to yourself for those members that may not know who you are and what you’re doing for us?

Ram Iyengar (00:50)
Thanks for having me on the show, Krobe. It’s such a pleasure to be a guest on a podcast that I’ve been very regular in listening to on several of the platforms.

CRob (01:02)
Yay!

Ram Iyengar (01:03)
So I’ve been working with the OpenSSF for a little over a year now. It’s been a wild ride in terms of learning a lot of things. And it’s been…Honestly fun to represent security in a part of the world that I imagine doesn’t take security very seriously. But I also realized that’s true of many parts of the world.

CRob (01:30)
You’re not alone.

Ram Iyengar (01:33)
Yeah. In a geography that’s known for application development and a lot of software getting written, getting built and an increasing number of open source contributions these days. It’s fun to hold the security placard and remind people about, hey, security is important. Hey, don’t forget about security. Hey, open source folks, you still need to secure your goods. So that’s really what I do. So evangelizing OpenSSF and a lot of the… open source security stuff in the India geo.

CRob (02:12)
Excellent. Well, let’s hear a little bit about your backstory. What is your open source origin story Ram?

Ram Iyengar (02:20)
So I was one of those people fortunate enough to work on open source since the start. And when I say start, my first real job was working on some open source content management systems at work. Android caught on big around the time I finished school. And then in terms of roles, I was born in India in the early 90s. So I guess I was born to be a developer, and write software, but also I went to school trained to be an engineer, but I always wanted to be an educator. So after my first few years of being a software developer, I switched roles to be a computer science teacher full time where I went to school in India. So I went to school in Boston.

Got a master’s in telecommunication, did a lot of Android related stuff. And then went back to India, started as a professor of computer science. But then what I realized was, I love being a teacher and an educator, but I also love the salary in the software industry.

CRob (03:40)
Right?

Ram Iyengar (03:41)
And so, and so, eventually I found my path into technology, evangelism and developer relations. And I found that, you know, software and tools and all of these don’t necessarily suffer from a lack of features as much as they do from a lack of education. And so to me, it was, you know, writing guides and doing trainings and giving talks and writing documentation and contributing a lot of the non-technical stuff, both for products that I work with and open source projects that I love. So, one thing led to another and now it’s been like five years of working with the Linux Foundation full time. And, you know, a good chunk of that with the OpenSSF.

CRob (04:33)
That’s awesome. Yeah, thank you for doing all that. I really agree about the importance of education. That is something that is crucial if we’re going to help solve our mission together, right?

Ram Iyengar (04:45)
Absolutely. I remember one of my earliest OpenSSF community day events and you were on stage talking about the diagrammers and the education working group and all of that and yeah, that’s played a huge part in stuff that I’ve been doing. So thank you too.

CRob (05:06)
Oh, pff. Proud to contribute to helping out. So I’d like you to tell me more about LF India and your work with engaging the community there. What’s it like collaborating with other folks in India?

Ram Iyengar (05:22)
So LF India was announced in December of 2024. We’ve been rolling out the first steps of, know, rather the first invisible and boring steps of any entity, is setting things up and getting some of those initial partnerships and conversations going. But all of that apart, I think thanks in big part to the great work that the LF has been doing all around.

It’s kind of marketed itself, to be honest. We have a whole raft of contributors who participate in a lot of LF initiatives already that are global, obviously. But we’re starting to realize certain flavors of sovereignties coming in, ideas that are specific to the region have to be focused on.

Ram Iyengar (06:19)
So LF India is sort of playing this role of replicating a lot of the good work that’s happening in other parts of the world, specifically for the India Geo. And in the past few months, we’ve had some good conversations from people about what’s potential in terms of projects that can come on, terms of initiatives that we can support, in terms of conversations that we can have in the public sector, in academia, and obviously in the big…organizations and private sector that we’re most used to. So there’s a lot of interest in participating in LF India forums now. And part of it is online events and things like that. And a big part of it is also offline events.

Big thanks to the CNCF and Kubernetes in stewarding a lot of these conversations.

It goes without saying that they’re probably one of the more active open source communities right now. And piggybacking on that success, think LF India is happy to announce the open source summit event that’s sort of its flagship that happens in different parts of the world. And it’s going to be sandwiched between the KubeCon in India and the OpenSSF Community Day in India as well which I’m really excited about.

CRob (07:44)
You’re gonna have a really busy time, huh?

Ram Iyengar (07:47)
Yeah. I mean, it’s all happening. The conversations are there, the partnerships are coming forth, the events are happening. And so I think it’s the whole package. it makes me extremely both proud and privileged to be part of the opening cohort that’s helping herald some of these new changes in this part of the world.

CRob (08:10)
That’s awesome. I know most Linux Foundation entities kind of operate similarly, where we’ll have a webpage and a GitHub repository and then some mailing lists and whatnot. So if someone was curious about whether they wanted to get engaged with either LF India or your direct work with the OpenSSF, how best can someone kind of find out more about you and like what’s going on with that part of the world?

Ram Iyengar (08:38)
So the goal at the moment is to drive more awareness of LF itself. So I guess, you know, just do the individual project website. So CNCF has its website and the Slack and all of these. The OpenSSF has the openssf.org website, the OpenSSF Slack. So get on all of these. I’m accessible through LinkedIn and other things if you wanted to reach out directly. And right now the focus is to get more people to become aware of the LF projects directly. And obviously there’s going to be like an LF India web page and things like that. Like I said, it’s one of those boring pieces that we’re still getting together.

CRob (09:23)
Now I remember that you were doing a series of videos. Could you maybe talk a little bit about that?

Ram Iyengar (09:30)
Mm-hmm, Yeah. Every once in a while, mostly at the frequency of like twice a month, or every fortnightly, I try and identify somebody who’s working in the security space and is based out of India. So they can give us like a picture of what it’s like to be doing security in this geography. You know, I’ve had the good fortune of meeting so many wonderful guests. And we do like a 45 minute session where they do like part of it is something of topical interest, like they’ll pick up an area that either they’re very happy to speak about or they feel that the community needs to be educated and energized about. And then a big chunk of it is also just an open conversation about here’s what I have encountered and help me validate these ideas or help me inform people about how important security is, and especially when they’re working with open source and things like that. So I’ve had like 15, 20 guests up to now and they’re all recorded and available on YouTube. I usually stream them live and then thanks to technology, they’re available for consumption as a long tail for people. And these are on the OpenSSF YouTube channel. So those who are interested in catching any of these episodes in retrospect, you’re welcome to visit the OpenSSF YouTube channel. And there’s also always something that’s going to be up and coming. So if you subscribe to the channel, you can stay updated about what’s coming.

CRob (11:16)
Excellent. Yeah, I’ve really enjoyed some of your interviews over the last year or so. Top notch stuff. Thank you for doing that.

Ram Iyengar (11:23)
Sure. I mean, some of them are, you know, deeply technical, like runtime security, for example, and some of them have been more about how to build a security culture within an organization and what are the missing pieces in security that entry level developers should know and things like that, you know, so stuff that, you know, I feel will strike a good balance. And it’s been wonderful just discovering all this talent that’s always been around and I’ve never looked for security people before, but it’s amazing to see what comes up.

CRob (12:00)
That’s amazing. Now, I love the security community and especially the open source security community. Great folks. I love the fact that everyone’s so willing to kind of share whether they’re educating or kind of bringing a topic that they want to have a conversation about. I love that.

CRob (12:15)
Let’s move on to the rapid fire part of the show. you ready for rapid rapid rapid fire?

Ram Iyengar (12:22)
Ooh, I am.

CRob (12:23)
I have a bunch of silly questions. I just want to hear your first response off the top of your head. We’ll start off easy, mild or spicy food, sir.

Ram Iyengar (12:34)
Spicy.

CRob (12:37)
Oooh that’s spicy. I love spicy food too, although I’m not sure I could hang with you. I do my best.

Ram Iyengar (12:45)
Yeah, sure. I think spicy means something completely different in this part of the world.

CRob (12:51)
Like a different stratosphere. I have mad respect. Uh, VI or Emacs.

Ram Iyengar (12:57)
Oh, I’m a VI person, always happy.

CRob (13:03)
Excellent, excellent. Who’s your favorite open source mascot?

Ram Iyengar (13:06)
I like the Tecton mascot a lot. Closely, but obviously like the tux is a classic, for the recent ones, Tecton has been my favorite. Although, you know, honk, I think deserves a special mention.

CRob (13:24)
We all love honk. Excellent. What’s your favorite vegetable?

Ram Iyengar (13:32)
I love the versatility of an eggplant. Can do a lot with it. Yeah. Yeah.

CRob (13:38)
Yum. I love eggplant parmesan. That’s a delicious choice. And finally, and most importantly, Star Trek or Star Wars?

Ram Iyengar (13:47)
Star Trek Crob.

CRob (13:50)
Hahahaha, There are no wrong answers, but yes, that’s an excellent one.

Ram Iyengar (13:54)
Yeah sure. But also like fun fact, I don’t know if this might get me in trouble, I have never watched any one of the Star Wars movies.

CRob (14:00)
WHAT?!

Ram Iyengar (14:01)
Yes. Yeah. This might alienate a lot of people or help me make new friends but yeah.

CRob (14:11)
[Sad Trombone] Well, I would encourage you to go watch there are many options in the Star Wars universe, but Star Trek is pretty awesome.

Ram Iyengar (14:19)
It is

CRob (14:21)
Well, thank you for sharing a little bit of insight about yourself as we wind down Do you have a call to action or something? You want to you know, ask our audience to maybe look into or do?

Ram Iyengar (14:32)
It’s hard in the region that is India to get people to focus on security, let alone like, especially when they’re working on open source stuff. Even if you look at a lot of the recent AI trends, for example, there’s a bunch of people who are focused on AI agents and MCP and whatever new technology is going to come in a couple of days from now, you’ll find like 15 examples of people developing something, but you don’t see the same kind of enthusiasm around applying security tools. Even for like the container ecosystem, everybody was in on like cloud native. And then when you talk about, did you scan that container as you as you run a build, people are like,

“Why would I even think of doing that?” So it’s a hard problem. And when you have what some of by some of these estimates is going to be the largest developer population in the world or some crazy stuff like that, you really need to help them focus on security and educate them about secure apps are also good quality apps.

There was a lot of cloud-native development and blockchain development and AI development and all of these, but not enough emphasis on the security side of stuff. At the same time, that’s what the OpenSSF is here to help you about. Get a leg up on security stuff. Take a look at the projects and the working groups. It might really be worth your time. And so, let’s come together, help build an informed and educated security community around the wonderful app development community that we already have. so, you know, engage with the OpenSSF, engage with the Linux Foundation, whether it’s through events or meetups or, you know, just read through some of what the working groups are putting out and participate on Slack and throw in a comment or two on social media and just tiny things if you can. It goes a long way in helping open source move forward and build momentum. So if you can do any of those, I’d really be happy.

CRob (17:01)
some great advice and no matter where you live, there’s a ton of great content and please share with your communities. So, Ram, thank you for taking time today. I know you’re gonna be busy with that whole series of events, especially the Open Source Community Day in India, which will be pretty fun. Our second one, correct?

Ram Iyengar (17:23)
That’s right. So first one was in 2024, second one in 2025. I love how there’s a balance of a Linux security talk, security culture talk, some AI security stuff, some container security stuff. And I’m really grateful to the community to have come forward and submitted all these wonderful talks.

CRob (17:48)
Well, thank you for helping lead the community and helping educate them. And thank you for everything you do for us here at the OpenSSF.

Ram Iyengar (17:56)
My absolute pleasure, CRob. Thank you so much for all of that and having me on the show.

CRob (18:01)
You’re very welcome. And to all of our listeners, that’s a wrap. Happy open sourcing.

Jun 27
Love0

On-Demand Webinar: Cybersecurity Skills, Simplified

By Blog

A Framework That Works

Cybersecurity isn’t just the responsibility of a dedicated team anymore. Whether you’re an engineer, a product owner, or part of the executive suite, your day-to-day decisions have a direct impact on your organization’s security. That was the clear message from the expert panel featured in our webinar, Cybersecurity Skills: A Framework That Works — now available to watch on demand.

Leaders from IBM, Intel, Linux Foundation Education and the Open Source Security Foundation (OpenSSF) share real-world insights on how their organizations are tackling one of today’s biggest challenges: upskilling the entire workforce in security. The panelists discussed the new Cybersecurity Skills Framework, an open, flexible tool designed to help teams identify the right skills for the right roles — and actually get started improving them. It’s practical, customizable, and already helping global organizations raise their security posture.

In the webinar, you’ll hear how to:

  • Map skill requirements across teams using security OKRs
  • Operationalize training at scale with integrated learning plans
  • Lead the charge to implement open, accessible pathways for cybersecurity education

The conversation is packed with actionable advice, whether you’re building a security training program or just want to understand where you or your team stands.

🎥Access the Cybersecurity Skills, Simplified Webinar

BONUS: Receive a 30% Discount for any Security-Related Course, Certification or Bundle Just for Watching

Need to Close the Skills Gap Across Your Team or Enterprise?

Get in Touch Today!

Jun 26
Love0

OpenSSF Welcomes New Members and Presents Golden Egg Award

By Blog, Press Release

Foundation furthers mission to enhance the security of open source software 

DENVER – OpenSSF Community Day North America – June 26, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), welcomes six new members from leading technology and security companies. New general members include balena, Buildkite, Canonical, Trace Machina, and Triam Security and associate members include Erlang Ecosystem Foundation (EEF). The Foundation also presents the Golden Egg Award during OpenSSF Community Day NA 2025.

“We are thrilled to welcome six new member companies and honor existing contributors during our annual North America Community Day event this week,” said Steve Fernandez, General Manager at OpenSSF. “As companies expand their global footprint and depend more and more on interconnected technologies, it is vital we work together to advance open source security at every layer – from code to systems to people. With the support of our new members, we can share best practices, push for standards and ensure security is front and center in all development.”

Golden Egg Award Recipients

The OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for awardees’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. This year, we celebrate:

  • Ian Dunbar-Hall (Lockheed Martin) – for contributions to the bomctl and SBOMit projects
  • Hayden Blauzvern (Google) – for leadership in the Sigstore project
  • Marcela Melara (Intel) – for contributions to SLSA and leadership in the BEAR Working Group 
  • Yesenia Yser (Microsoft) – for work as a podcast co-host and leadership in the BEAR Working Group 
  • Zach Steindler (GitHub) – for leadership on the Technical Advisory Committee (TAC) and in the Securing Software Repositories Working Group
  • Munehiro “Muuhh” Ikeda – for work as an LF Japan Evangelist and helping to put together OpenSSF Community Day Japan
  • Adolfo “Puerco” Garcia Veytia – for support on Protobom, OpenVEX and Baseline projects

Their efforts have made a lasting impact on the open source security ecosystem, and we are deeply grateful for their continued contributions.

Project Updates

OpenSSF is supported by more than 3,156 technical contributors across OpenSSF projects – providing a vendor-neutral partner to affiliated open source foundations and projects. Recent project updates include:

  • Gittuf, a platform-agnostic Git security system, has advanced to an incubating project under OpenSSF. This milestone marks the maturity and adoption of the project.
  • OpenBao, a software solution to manage, store, and distribute sensitive data including secrets, certificates, and key, joined OpenSSF as a sandbox project
  • Open Source Project Security Baseline (OSPS Baseline), which provides a structured set of security requirements aligned with international cybersecurity frameworks, standards, and regulations, aiming to bolster the security posture of open source software projects, was released.
  • Model Signing released version 1.0 to secure the machine learning supply chain.
  • GUAC released version 1.0 to bring stability to the core functionality.
  • SLSA released version 1.1 RC2 to enhance the clarity and usability of the original specification.

Events and Gatherings

New and existing OpenSSF members are gathering this week in Denver at the annual OpenSSF Community Day NA 2025. Join the community at upcoming 2025 OpenSSF-hosted events, including OpenSSF Community Day India, OpenSSF Community Day Europe, OpenSSF Community Day Korea, and Open Source SecurityCon 2025.

Additional Resources

Supporting Quotes

“At balena, we understand that securing edge computing and IoT solutions is critical for all companies deploying connected devices. As developers focused on enabling reliable and secure operations with balenaCloud, we’re deeply committed to sharing our knowledge and expertise. We’re proud to join OpenSSF to contribute to open collaboration, believing that together we can build more mature security solutions that truly help companies protect their edge fleets and raise collective awareness across the open-source ecosystem.”

– Harald Fischer, Security Aspect Lead, balena

“Joining OpenSSF is a natural extension of Buildkite’s mission to empower teams with secure, scalable, and resilient software delivery. With Buildkite Package Registries, our customers get SLSA-compliant software provenance built in. There’s no complex setup or extra tooling required. We’ve done the heavy lifting so teams can securely publish trusted artifacts from Buildkite Pipelines with minimal effort. We’re excited to collaborate with the OpenSSF community to raise the bar for open source software supply chain security.”

– Ken Thompson, Vice President of Product Management, Buildkite

“Protecting the security of the open source ecosystem is not an easy feat, nor one that can be tackled by any single industry player. OpenSSF leads projects that are shaping this vast landscape. Canonical is proud to join OpenSSF on its mission to spearhead open source security across the entire market. For over 20 years we have delivered security-focused products and services across a broad spectrum of open source technologies. In today’s world, software security, reliability, and provenance is more important than ever. Together we will write the next chapter for open source security frameworks, processes and tools for the benefit of all users.”

– Luci Stanescu, Security Engineering Manager, Canonical

“Starting in 2024, the EEF’s Security WG focused community resources on improving our supply chain infrastructure and tooling to enable us to comply with present and upcoming cybersecurity laws and directives. This year we achieved OpenChain Certification (ISO/IEC 5230) for the core Erlang and Elixir libraries and tooling, and also became the default CVE Numbering Authority (CNA) for all open-source Erlang, Elixir and Gleam language packages. Joining the OpenSSF has been instrumental in connecting us to experts in the field and facilitating relationships with security practitioners in other open-source projects.” 

– Alistair Woodman, Board Chair, Erlang Ecosystem Foundation

“Trace Machina is a technology company, founded in September 2023, that builds infrastructure software for developers to go faster. Our current core product, NativeLink, is a build caching and remote execution platform that speeds up compute-heavy work. As a company we believe both in building our products open source whenever possible, and in supporting the open source ecosystem and community. We believe open source software is a crucial philosophy in technology, especially in the security space. We’re thrilled to join the OpenSSF as a member organization and to continue being active in this wonderful community.” 

– Tyrone Greenfield, Chief of Staff, Trace Machina

“Triam Security is proud to join the Open-Source Security Foundation to support its mission of strengthening the security posture of critical open source software. As container security vulnerabilities continue to pose significant risks to the software supply chain, our expertise in implementing SLSA Level 3/4 controls and building near-zero CVE solutions through CleanStart aligns perfectly with OpenSSF’s supply chain security initiatives. We look forward to collaborating with the community on advancing SLSA adoption, developing security best practices, improving vulnerability management processes, and promoting standards that enhance the security, transparency, and trust in the open-source ecosystem.”

– Biswajit De, CTO, Triam Security

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org

Media Contact
Natasha Woods
The Linux Foundation

PR@linuxfoundation.org 

Jun 25
Love0

OpenSSF Newsletter – June 2025

By Newsletter

Welcome to the June 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.

TL;DR:

Tech Talk: CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations

The recent Tech Talk, “CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations,” brought together open source leaders to explore the practical impact of the EU’s Cyber Resilience Act (CRA). With growing pressure on OSS developers, maintainers, and vendors to meet new security requirements, the session provided a clear, jargon-free overview of what CRA compliance involves. 

Speakers included CRob (OpenSSF), Adrienn Lawson (Linux Foundation), Dave Russo (Red Hat), and David A. Wheeler (OpenSSF), who shared real-world examples of how organizations are preparing for the regulation, even with limited resources. The discussion also highlighted the LFEL1001 CRA course, designed to help OSS contributors move from confusion to clarity with actionable guidance. 

Watch the session here.

Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership

The Open Source Technology Improvement Fund (OSTIF) addresses a critical gap in open source security by conducting tailored audits for high-impact OSS projects often maintained by small, under-resourced teams. Through its active role in OpenSSF initiatives and strategic partnerships, OSTIF delivers structured, effective security engagements that strengthen project resilience. By leveraging tools like the OpenSSF Scorecard and prioritizing context-specific approaches, OSTIF enhances audit outcomes and fosters a collaborative security community. Read the full case study to explore how OSTIF is scaling impact, overcoming funding hurdles, and shaping the future of OSS security.

Blogs:

✨GUAC 1.0 is Now Available

Discover how GUAC 1.0 transforms the way you manage SBOMs and secure your software supply chain. This first stable release of the “Graph for Understanding Artifact Composition” platform moves beyond isolated bills of materials to aggregate and enrich data from file systems, registries, and repositories into a powerful graph database. Instantly tap into vulnerability insights, license checks, end-of-life notifications, OpenSSF Scorecard metrics, and more. Read the blog to learn more.

✨Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

CI/CD pipelines are now prime targets for supply chain attacks. Just look at the recent breaches of reviewdog and tj-actions, where chained compromises and log-based exfiltration let attackers harvest secrets without raising alarms. In this Maintainers’ Guide, Ashish Kurmi breaks down exactly how those exploits happened and offers a defense-in-depth blueprint from pinning actions to full commit SHAs and enforcing MFA, to monitoring for tag tampering and isolating sensitive secrets that every open source project needs today. Read the full blog to learn practical steps for locking down your workflows before attackers do.

✨From Sandbox to Incubating: gittuf’s Next Step in Open Source Security

gittuf, a platform-agnostic Git security framework, has officially progressed to the Incubating Project stage under the OpenSSF marking a major milestone in its development, community growth, and mission to strengthen the open source software supply chain. By adding cryptographic access controls, tamper-evident logging, and enforceable policies directly into Git repositories without requiring developers to abandon familiar workflows, gittuf secures version control at its core. Read the full post to see how this incubation will accelerate gittuf’s impact and how you can get involved.

✨Choosing an SBOM Generation Tool

With so many tools to build SBOMs, single-language tools like npm-sbom and CycloneDX’s language-specific generators or multi‐language options such as cdxgen, syft, and Tern, how do you know which one to pick? Nathan Naveen helps you decide by comparing each tool’s dependency analysis, ecosystem support, and CI/CD integration, and reminds us that “imperfect SBOMs are better than no SBOMs.” Read the blog to learn more.

✨OSS and the CRA: Am I a Manufacturer or a Steward?

The EU Cyber Resilience Act (CRA) introduces critical distinctions for those involved in open source software particularly between manufacturers and a newly defined role: open source software stewards. In this blog, Mike Bursell of OpenSSF breaks down what these terms mean, why most open source contributors won’t fall under either category, and how the CRA acknowledges the unique structure of open source ecosystems. If you’re wondering whether the CRA applies to your project or your role this post offers clear insights and guidance. Read the full blog to understand your position in the new regulatory landscape.

What’s in the SOSS? An OpenSSF Podcast:

#33 – S2E10 “Bridging DevOps and Security: Tracy Ragan on the Future of Open Source”: In this episode of What’s in the SOSS, host CRob sits down with longtime open source leader and DevOps champion Tracy Ragan to trace her journey from the Eclipse Foundation to her work with Ortelius, the Continuous Delivery Foundation, and the OpenSSF. CRob and Tracy dig into the importance of configuration management, DevSecOps, and projects like the OpenSSF Scorecard and Ortelius in making software supply chains more transparent and secure, plus strategies to bridge the education gap between security professionals and DevOps engineers.

 

#32 – S2E09 “Yoda, Inclusive Strategies, and the Jedi Council: A Conversation with Dr. Eden-Reneé Hayes”: In this episode of What’s in the SOSS, host Yesenia Yser sits down with DEI strategist, social psychologist, and Star Wars superfan Dr. Eden-Reneé Hayes to discuss the myths around DEIA and why unlearning old beliefs is key to progress. Plus, stay for the rapid-fire questions and discover if Dr. Hayes is more Marvel or DC.

Education:

The Open Source Security Foundation (OpenSSF), together with Linux Foundation Education, provides a selection of free e-learning courses to help the open source community build stronger software security expertise. Learners can earn digital badges by completing offerings such as:

These are just a few of the many courses available for developers, managers, and decision-makers aiming to integrate security throughout the software development lifecycle.

News from OpenSSF Community Meetings and Projects:

In the News:

  • ITOpsTimes – “Linux Foundation and OpenSSF launch Cybersecurity Skills Framework”
  • HelpNetSecurity – “Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed”
  • SiliconAngle“Linux Foundation debuts Cybersecurity Skills Framework to address enterprise talent gaps”
  • Security Boulevard – Linux Foundation Shares Framework for Building Effective Cybersecurity Teams
  • IT Daily – “Linux Foundation Launches Global Cybersecurity Skills Framework”
  • SC World – “New Cybersecurity Skills Framework seeks to bolster enterprise talent readiness”

Meet OpenSSF at These Upcoming Events!

Join us at OpenSSF Community Day Events in North America, India, Japan, Korea and Europe!

OpenSSF Community Days bring together security and open source experts to drive innovation in software security.

Connect with the OpenSSF Community at these key events:

Ways to Participate:

There are a number of ways for individuals and organizations to participate in OpenSSF. Learn more here.

You’re invited to…

See You Next Month! 

We want to get you the information you most want to see in your inbox. Missed our previous newsletters? Read here!

Have ideas or suggestions for next month’s newsletter about the OpenSSF? Let us know at marketing@openssf.org, and see you next month! 

Regards,

The OpenSSF Team

Jun 25
Love0

An Introduction to the OpenSSF Model Signing (OMS) Specification: Model Signing for Secure and Trusted AI Supply Chains

By Blog, Guest Blog

By Mihai Maruseac (Google), Eoin Wickens (HiddenLayer), Daniel Major (NVIDIA), Martin Sablotny (NVIDIA)

As AI adoption continues to accelerate, so does the need to secure the AI supply chain. Organizations want to be able to verify that the models they build, deploy, or consume are authentic, untampered, and compliant with internal policies and external regulations. From tampered models to poisoned datasets, the risks facing production AI systems are growing — and the industry is responding.

In collaboration with industry partners, the Open Source Security Foundation (OpenSSF)’s AI/ML Working Group recently delivered a model signing solution. Today, we are formalizing the signature format as OpenSSF Model Signing (OMS): a flexible and implementation-agnostic standard for model signing, purpose-built for the unique requirements of AI workflows.

What is Model Signing

Model signing is a cryptographic process that creates a verifiable record of the origin and integrity of machine learning models.  Recipients can verify that a model was published by the expected source, and has not subsequently been tampered with.  

Signing AI artifacts is an essential step in building trust and accountability across the AI supply chain.  For projects that depend on open source foundational models, project teams can verify the models they are building upon are the ones they trust.  Organizations can trace the integrity of models — whether models are developed in-house, shared between teams, or deployed into production.  

Key stakeholders that benefit from model signing:

  • End users gain confidence that the models they are running are legitimate and unmodified.
  • Compliance and governance teams benefit from traceable metadata that supports audits and regulatory reporting.
  • Developers and MLOps teams are equipped to trace issues, improve incident response, and ensure reproducibility across experiments and deployments.

How does Model Signing Work

Model signing uses cryptographic keys to ensure the integrity and authenticity of an AI model. A signing program uses a private key to generate a digital signature for the model. This signature can then be verified by anyone using the corresponding public key. These keys can be generated a-priori, obtained from signing certificates, or generated transparently during the Sigstore signing flow.If verification succeeds, the model is confirmed as untampered and authentic; if it fails, the model may have been altered or is untrusted.

Figure 1:  Model Signing Diagram

How Does OMS Work

OMS Signature Format

OMS is designed to handle the complexity of modern AI systems, supporting any type of model format and models of any size. Instead of treating each file independently, OMS uses a detached OMS Signature Format that can represent multiple related artifacts—such as model weights, configuration files, tokenizers, and datasets—in a single, verifiable unit.

The OMS Signature Format includes: 

  • A list of all files in the bundle, each referenced by its cryptographic hash (e.g., SHA256)
  • An optional annotations section for custom, domain-specific fields (future support coming)
  • A digital signature that covers the entire manifest, ensuring tamper-evidence

The OMS Signature File follows the Sigstore Bundle Format, ensuring maximum compatibility with existing Sigstore (a graduated OpenSSF project) ecosystem tooling.  This detached format allows verification without modifying or repackaging the original content, making it easier to integrate into existing workflows and distribution systems.

OMS is PKI-agnostic, supporting a wide range of signing options, including:

  • Private or enterprise PKI systems
  • Self-signed certificates
  • Bare keys
  • Keyless signing with public or private Sigstore instances 

This flexibility enables organizations to adopt OMS without changing their existing key management or trust models.

Figure 1. OMS Signature Format

Signing and Verifying with OMS

As reference implementations to speed adoption, OMS offers both a command-line interface (CLI) for lightweight operational use and a Python library for deep integration into CI/CD pipelines, automated publishing flows, and model hubs. Other library integrations are planned.

Signing and Verifying with Sigstore

Shell
# install model-signing package
$ pip install model-signing

# signing the model with Sigstore
$ model_signing sign <MODEL_PATH>

# verification if the model is signed with Sigstore
$ model_signing verify \
  <MODEL_PATH> \
  --signature <OMS_SIG_FILE> \
  --identity "<IDENTITY>" \
  --identity_provider "<OIDC_PROVIDER>"

 

Signing and Verifying with PKI Certificates

Shell
# install model-signing package
$ pip install model-signing

# signing the model with a PKI certificate
$ model_signing sign  \
  --certificate_chain  \
  --private_key 

# verification if the model is signed with a PKI certificate
$ model_signing verify \
 <MODEL_PATH> \
  --signature <OMS_SIG_FILE> \
  --certificate_chain <ROOT_CERT>


 

Other examples, including signing using PKCS#11, can be found in the model-signing documentation.

This design enables better interoperability across tools and vendors, reduces manual steps in model validation, and helps establish a consistent trust foundation across the AI lifecycle.

Looking Ahead

The release of OMS marks a major step forward in securing the AI supply chain. By enabling organizations to verify the integrity, provenance, and trustworthiness of machine learning artifacts, OMS lays the foundation for safer, more transparent AI development and deployment.

Backed by broad industry collaboration and designed with real-world workflows in mind, OMS is ready for adoption today. Whether integrating model signing into CI/CD pipelines, enforcing provenance policies, or distributing models at scale, OMS provides the tools and flexibility to meet enterprise needs.

This is just the first step towards a future of secure AI supply chains. The OpenSSF AI/ML Working Group is engaging with the Coalition for Secure AI to incorporate other AI metadata into the OMS Signature Format, such as embedding rich metadata such as training data sources, model version, hardware used, and compliance attributes.  

To get started, explore the OMS specification, try the CLI and library, and join the OpenSSF AI/ML Working Group to help shape the future of trusted AI.

Special thanks to the contributors driving this effort forward, including Laurent Simon, Rich Harang, and the many others at Google, HiddenLayer, NVIDIA, Red Hat, Intel, Meta, IBM, Microsoft, and in the Sigstore, Coalition for Secure AI, and OpenSSF communities.

Mihai Maruseac is a member of the Google Open Source Security Team (GOSST), working on Supply Chain Security for ML. He is a co-lead on a Secure AI Framework (SAIF) workstream from Google. Under OpenSSF, Mihai chairs the AI/ML working group and the model signing project. Mihai is also a GUAC maintainer. Before joining GOSST, Mihai created the TensorFlow Security team and prior to Google, he worked on adding Differential Privacy to Machine Learning algorithms. Mihai has a PhD in Differential Privacy from UMass Boston.

Eoin Wickens, Director of Threat Intelligence at HiddenLayer, specializes in AI security, threat research, and malware reverse engineering. He has authored numerous articles on AI security, co-authored a book on cyber threat intelligence, and spoken at conferences such as SANS AI Cybersecurity Summit, BSides SF, LABSCON, and 44CON, and delivered the 2024 ACM SCORED opening keynote.

Daniel Major is a Distinguished Security Architect at NVIDIA, where he provides security leadership in areas such as code signing, device PKI, ML deployments and mobile operating systems. Previously, as Principal Security Architect at BlackBerry, he played a key role in leading the mobile phone division’s transition from BlackBerry 10 OS to Android. When not working, Daniel can be found planning his next travel adventure.

Martin Sablotny is a security architect for AI/ML at NVIDIA working on identifying existing gaps in AI security and researching solutions. He received his Ph.D. in computing science from the University of Glasgow in 2023. Before joining NVIDIA, he worked as a security researcher in the German military and conducted research in using AI for security at Google.

Jun 18
Love0

Member Spotlight: Datadog – Powering Open Source Security with Tools, Standards, and Community Leadership

By Blog

Datadog, a leading cloud-scale observability and security platform, joined the Open Source Security Foundation (OpenSSF) as a Premier Member in July, 2024. With both executive leadership and deep technical involvement, Datadog has rapidly become a force in advancing secure open source practices across the industry.

Key Contributions

GuardDog: Open Source Threat Detection

In early 2025, Datadog launched GuardDog, a Python-based open source tool that scans package ecosystems like npm, PyPI, and Go for signs of malicious behavior. GuardDog is backed by a publicly available threat dataset, giving developers and organizations real-time visibility into emerging supply chain risks.

This contribution directly supports OpenSSF’s mission to provide practical tools that harden open source ecosystems against common attack vectors—while promoting transparency and shared defense.

Datadog actively supports the open source security ecosystem through its engineering efforts, tooling contributions, and participation in the OpenSSF community:

  • SBOM Generation and Runtime Insights
    Datadog enhances the usability and value of Software Bills of Materials (SBOMs) through tools and educational content. Their blog, Enhance SBOMs with runtime security context, outlines how they combine SBOM data with runtime intelligence to identify real-world risks and vulnerabilities more effectively.
  • Open Source Tools Supporting SBOM Adoption
    Datadog maintains the SBOM Generator, an open source tool based on CycloneDX, which scans codebases to produce high-quality SBOMs. They also released the datadog-sca-github-action, a GitHub Action that automates SBOM generation and integrates results into the Datadog platform for improved visibility.
  • Sigstore and Software Signing
    As part of the OpenSSF ecosystem, Datadog supports efforts like Sigstore to bring cryptographic signing and verification to the software supply chain. These efforts align with Datadog’s broader commitment to improving software provenance and integrity, especially as part of secure build and deployment practices.
  • OpenSSF Membership
    As a Premier Member of OpenSSF, Datadog collaborates with industry leaders to advance best practices, contribute to strategic initiatives, and help shape the future of secure open source software.

These collaborations demonstrate Datadog’s investment in long-term, community-driven approaches to open source security.

What’s Next

Datadog takes the stage at OpenSSF Community Day North America on Thursday, June 26, 2025, in Denver, CO, co-located with Open Source Summit North America.

They’ll be presenting alongside Intel Labs in the session:

Talk Title: Harnessing In-toto Attestations for Security and Compliance With Next-gen Policies
Time: 3:10–3:30 PM MDT
Location: Bluebird Ballroom 3A
Speakers:

  • Trishank Karthik Kuppusamy, Staff Engineer, Datadog
  • Marcela Melara, Research Scientist, Intel Labs

This session dives into the evolution of the in-toto Attestation Framework, spotlighting new policy standards that make it easier for consumers and auditors to derive meaningful insights from authenticated metadata—such as SBOMs and SLSA Build Provenance. Attendees will see how the latest policy framework bridges gaps in compatibility and usability with a flexible, real-world-ready approach to securing complex software supply chains.

Register now and connect with Datadog, Intel Labs, and fellow open source security leaders in Denver.

Why It Matters

By contributing to secure development frameworks, creating open source tooling, and educating the broader community, Datadog exemplifies what it means to be an OpenSSF Premier Member. Their work is hands-on, standards-driven, and deeply collaborative—helping make open source safer for everyone.

Learn More