Have a Security Lesson Worth Sharing? Submit a Talk at OpenSSF Community Day North America
OpenSSF Community Day North America is happening this year in Minneapolis, and the Call for Proposals (CFP) is open through February 15.
This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development.
At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo García Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.”
At the end of October 2025, the Linux Foundation Europe, OpenSSF, and CEPS brought together developers, maintainers, policymakers, and industry leaders for conversations on open source, security, and Europe’s digital future. Through keynotes, workshops, and policy-focused sessions, the week created much-needed clarity around the Cyber Resilience Act (CRA) and, more broadly, the EU cybersecurity policy,…
Seth Larson, Security Developer-in-Residence at the Python Software Foundation, joins What’s in the SOSS? to discuss trust, documentation, and the evolution of secure-by-default practices in open source.
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available.
We’re excited to announce that the agenda for OpenSSF Community Day Korea is now live! Join the community on November 4, 2025, in Seoul, South Korea, co-located with Open Source...
CI/CD pipelines are increasingly becoming high-value targets for attackers. With access to secrets, source code, and infrastructure, they offer a direct route to supply chain compromise. The recent breaches involving tj-actions/changed-files and reviewdog/action-setup are not just isolated events; they are harbingers of a new generation of CI/CD-targeted supply chain attacks.
On April 24, the Open Source Security Foundation (OpenSSF) hosted a Tech Talk to help open source maintainers, contributors, and organizations better navigate the growing landscape of security standards and regulations.