OpenSSF

Announcing the Summer 2025 OpenSSF Mentorship Program

Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way to offer these experiences and…

Blog Guest Blog mentorship OpenSSF OSS Community RSTUF

New Guide on Simplifying Software Component Updates

The Open Source Security Foundation (OpenSSF) Best Practices Working Group has released the new guide Simplifying Software Component Updates. This guide gives software producers and consumers practical steps to simplify component compatibility. Applying the principles in this guide will eliminate many vulnerabilities in software. To understand why, it’s necessary to understand modern software development practices.

Blog Best Practices Working Group OpenSSF OpenSSF Best Practices OpenSSF Policy Summit

OpenSSF Tech Talk Recap: Using the OSPS Baseline to Navigate Standards and Regulations

On April 24, the Open Source Security Foundation (OpenSSF) hosted a Tech Talk to help open source maintainers, contributors, and organizations better navigate the growing landscape of security standards and regulations.

Blog Linux Foundation Open Source OpenSSF OSPS Baseline OSS Security Security Baseline Tech Talk

What’s in the SOSS? Podcast #29 – S2E06 Showing Up Fully: Meet OpenSSF’s new Community Manager, Stacey Potter

Podcast bear Community Management Cybersecurity Open Source OpenSSF Podcast

Recognizing Academic Excellence in Open Source and Secure Software Education

Modern software demands more than technical know-how—it requires a deep understanding of secure, sustainable, and scalable systems. Recognizing this, the Linux Foundation has launched its Academic Computing Accreditation Program, formally recognizing academic programs that align with industry-approved curricula from both the Open Source Security Foundation (OpenSSF) and the Cloud Native Computing Foundation (CNCF).

Blog Academic Accreditation Program CNCF education OpenSSF

OpenSSF Launches Free Course to Prepare Developers for the EU Cyber Resilience Act

SAN FRANCISCO, CA – April 29, 2025 – The Open Source Security Foundation (OpenSSF), in collaboration with LF Education, announces the general availability of LFEL1001, a free online course designed to help software developers understand and prepare for the requirements of the European Union (EU) Cyber Resilience Act (CRA). In just one week, the course…

Blog EU Cyber Resilience Act Global Cyber Policy Press Release CRA EU Cyber Resilience Act Linux Foundation Linux Foundation EU Linux Foundation Europe OpenSSF

Repository Service for The Update Framework (RSTUF) Reaches New Security Milestone with Successful Audit

The Open Source Security Foundation (OpenSSF) is proud to share that the Repository Service for The Update Framework (RSTUF) has completed a successful third-party security audit—marking a key milestone on its path to a stable 1.0.0 release.

Blog Guest Blog Community Linux Foundation OpenSSF RSTUF Tooling

Vulnerability Enumeration Conundrum – an Open Source Perspective on CVE and CWE

In recent days, the vulnerability management ecosystem has experienced shocking news that the de facto standard used throughout industry and upstream, the CVE & CWE Programs, were unexpectedly being defunded and at risk of shuttering its doors. This caused 24 hours of panic up and downstream, but that decision was quickly reversed as CISA stepped…

Blog Guest Blog CVE CWE Open Source Open Source Community OpenSSF

What’s in the SOSS? Podcast #27 – S2E04 Enterprise to Open Source: Steve Fernandez’s Journey to the OpenSSF

Podcast Enterprise Tech Open Source Security OpenSSF Podcast Steve Fernandez

Key Takeaways from VulnCon 2025: Insights from the OpenSSF Community

Blog Cyber Resilience Act Open Source Security OpenSSF VulnCon 2025 vulnerability management