OSS Security

Jun 25

The CRA Readiness Reality: What Changed (and What Didn’t) Between 2025 and 2026?

By OpenSSF Blog, EU Cyber Resilience Act, Guest Blog

In 2025, Linux Foundation Research, Linux Foundation Europe, and Open Source Security Foundation (OpenSSF) published Unaware and Uncertain: The Stark Realities of Cyber Resilience Act Readiness in Open Source. It…

Jun 23

Love0

Bridging the Gap Between Code and Research: Why SCORED ’26 Matters for Open Source Security

By OpenSSF Blog, Guest Blog

Let’s be completely honest about how we’ve historically handled security research: academia and open source practitioners have basically been living on two different planets. That’s why we created SCORED (the…

Jun 10

Love0

Mini Shai-Hulud: Where SLSA’s Boundaries Fall

By OpenSSF Blog, Guest Blog

The “Mini Shai-Hulud” attack chained a GitHub Actions workflow misconfiguration, cache poisoning, and OIDC token extraction to publish malicious packages through legitimate CI/CD pipelines.

Jun 05

Love0

The “Skyway” to OSS Security: OpenSSF Community Day North America 2026 Recap

By OpenSSF Blog

The open source community recently gathered in Minneapolis for Open Source Summit North America and OpenSSF Community Day North America 2026. Functioning as a collaborative “Skyway,” the Open Source Security…

Mar 13

Love0

Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation

By OpenSSF Blog

Agentic AI systems and AI-driven software workflows are evolving quickly, with more people building on top of them. With that shift comes new questions around trust, control, provenance, and secure…

Feb 13

Love0

Security Slam 2026

By OpenSSF Blog, Guest Blog

Security Slam 2026 is a 30-day event that begins February 20 and culminates in an awards ceremony at KubeCon + CloudNativeCon Europe (KCCN EU).

Nov 19

Love0

KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever

By OpenSSF Blog

At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo García Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in…

Jun 11

Love0

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

By OpenSSF Blog, Guest Blog

CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving…

The CRA Readiness Reality: What Changed (and What Didn’t) Between 2025 and 2026?

Bridging the Gap Between Code and Research: Why SCORED ’26 Matters for Open Source Security

Mini Shai-Hulud: Where SLSA’s Boundaries Fall

The “Skyway” to OSS Security: OpenSSF Community Day North America 2026 Recap

Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation

Security Slam 2026

KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever

Maintainers’ Guide: Securing CI/CD Pipelines After the tj-actions and reviewdog Supply Chain Attacks

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox