SBOM
What’s in the SOSS? Podcast #47 – S2E24 Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos
NYU professor Justin Cappos joins the OpenSSF podcast to discuss why software supply chain security is missing from most university curricula, and how hands-on, open source-first education can change that.
OpenSSF Newsletter – October 2025
Discover the latest updates across the OpenSSF community including new learning offerings, AI/ML security advancements, SBOM evolution under the CRA, Scorecard improvements, Sigstore research, upcoming events, and fresh podcast episodes helping secure the future of open source.
Improving Risk Management Decisions with SBOM Data: A New Whitepaper from the OpenSSF SBOM Everywhere SIG
SBOMs are becoming part of everyday software practice, but many teams still ask the same question: how do we turn SBOM data into decisions we can trust? Our new whitepaper, “Improving Risk Management Decisions with SBOM Data,” answers that by tying SBOM information to concrete risk-management outcomes across engineering, security, legal, and operations.
Trustify joins GUAC
By Ben Cotton and Dejan Bosanac The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two...
Choosing an SBOM Generation Tool
Software Bills of Materials (SBOMs) are the foundation for understanding your software supply chain. By listing the components that go into your application, an SBOM gives you a starting point for assessing risk, including known vulnerabilities, license conflicts, and other supply chain exposures. But how do you create those SBOMs?
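As an added illustration of the point made above and in the whitepaper summary (turning SBOM data into risk decisions), the following example is not code from any OpenSSF project or from the posts listed here. It assumes the SBOM is in CycloneDX JSON (a format choice made for this example; the page names no particular format), parses a constructed sample document, and reports three kinds of findings: a component that appears in a constructed advisory list, a component whose declared license is on a hypothetical organisational deny-list, and a component with no license declared at all. It also walks the SBOM's `dependencies` graph so each finding carries the path from the top-level application, which is usually the first thing a triager asks for. The package names, PURLs and advisory identifier are all invented for the sample.

```python
import json
from collections import deque

# Constructed minimal CycloneDX 1.5 JSON document. Package names, versions and
# PURLs are invented for this example; they do not refer to real projects.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "application", "name": "payments-api",
                               "version": "2.3.0", "bom-ref": "app"}},
    "components": [
        {"type": "library", "name": "alpha-http", "version": "1.4.0",
         "bom-ref": "pkg:pypi/alpha-http@1.4.0", "purl": "pkg:pypi/alpha-http@1.4.0",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "beta-sockets", "version": "0.9.2",
         "bom-ref": "pkg:pypi/beta-sockets@0.9.2", "purl": "pkg:pypi/beta-sockets@0.9.2",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "gamma-pad", "version": "0.1.0",
         "bom-ref": "pkg:pypi/gamma-pad@0.1.0", "purl": "pkg:pypi/gamma-pad@0.1.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        # No "licenses" key at all: a gap the SBOM consumer must surface, not ignore.
        {"type": "library", "name": "delta-util", "version": "1.0.0",
         "bom-ref": "pkg:pypi/delta-util@1.0.0", "purl": "pkg:pypi/delta-util@1.0.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:pypi/alpha-http@1.4.0",
                                     "pkg:pypi/gamma-pad@0.1.0",
                                     "pkg:pypi/delta-util@1.0.0"]},
        {"ref": "pkg:pypi/alpha-http@1.4.0", "dependsOn": ["pkg:pypi/beta-sockets@0.9.2"]},
    ],
})

# Constructed advisory feed, keyed by PURL. The identifier is hypothetical, not a real CVE.
KNOWN_AFFECTED = {"pkg:pypi/beta-sockets@0.9.2": "EXAMPLE-ADVISORY-0001"}

# Hypothetical organisational policy: licenses not permitted in shipped products.
DENIED_LICENSES = {"GPL-3.0-only", "GPL-3.0-or-later", "AGPL-3.0-only"}


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON document and reject anything that is not one."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX" or "specVersion" not in doc:
        raise ValueError("not a CycloneDX JSON SBOM")
    return doc


def normalize_components(sbom: dict) -> dict:
    """Return {bom-ref: {name, version, purl, licenses}} for every listed component.

    CycloneDX allows a license to be given as an SPDX id, a free-text name, or an
    SPDX expression; all three are collected so a missing list is distinguishable
    from a present-but-unusual one.
    """
    out = {}
    for c in sbom.get("components", []):
        ref = c.get("bom-ref") or c.get("purl") or f"{c['name']}@{c.get('version', '')}"
        ids = []
        for lic in c.get("licenses", []):
            entry = lic.get("license", {})
            if "id" in entry:
                ids.append(entry["id"])
            elif "name" in entry:
                ids.append(entry["name"])
            elif "expression" in lic:
                ids.append(lic["expression"])
        out[ref] = {"name": c.get("name"), "version": c.get("version"),
                    "purl": c.get("purl"), "licenses": ids}
    return out


def dependency_paths(sbom: dict) -> dict:
    """Breadth-first walk of the 'dependencies' graph from the root component.

    Returns {bom-ref: [root, ..., bom-ref]} for every component reachable from the
    application described in metadata.component.
    """
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    paths = {root: [root]} if root else {}
    queue = deque(paths)
    while queue:
        cur = queue.popleft()
        for nxt in edges.get(cur, []):
            if nxt not in paths:          # first visit is the shortest path
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths


def assess(sbom: dict, affected: dict, denied_licenses: set) -> list:
    """Cross-reference every component against the advisory feed and license policy.

    Each finding records the component, the kind of issue, a detail string, and the
    dependency path from the root (depth is None if the component is listed but not
    wired into the dependency graph, which is itself worth a look).
    """
    comps = normalize_components(sbom)
    paths = dependency_paths(sbom)
    findings = []

    def add(ref, kind, detail):
        path = paths.get(ref)
        findings.append({"ref": ref, "kind": kind, "detail": detail,
                         "depth": (len(path) - 1) if path else None,
                         "path": path or [ref]})

    for ref, c in comps.items():
        if c["purl"] in affected:
            add(ref, "vulnerability", affected[c["purl"]])
        if not c["licenses"]:
            add(ref, "unknown-license", "no license declared in SBOM")
        for lic in c["licenses"]:
            if lic in denied_licenses:
                add(ref, "license", f"{lic} is on the deny-list")
    findings.sort(key=lambda f: (f["kind"], f["ref"]))
    return findings


if __name__ == "__main__":
    for f in assess(load_sbom(SAMPLE_SBOM), KNOWN_AFFECTED, DENIED_LICENSES):
        print(f"{f['kind']:16} depth={f['depth']}  {' -> '.join(f['path'])}  ({f['detail']})")
```

Two design points matter beyond the toy data. First, matching is done on the PURL, not on the bare name, because the same name can exist in several ecosystems and an advisory applies to one of them; an SBOM without PURLs forces the consumer back to fuzzy name matching, which is exactly the ambiguity the whitepaper warns decision-makers about. Second, the absence of license data is reported as its own finding rather than silently treated as "fine", since an SBOM generation tool that cannot resolve a license says nothing about whether the license is acceptable.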