Blog

From AIxCC to OpenSSF: Welcoming OSS-CRS to Advance AI Driven Open Source Security

AI Blog Global Cyber Policy AI security AI/ML Security Working Group AIxCC Automated Patching Bug Hunting Cyber Reasoning Systems DARPA LLM security Open Source Security OpenSSF OSS-CRS Software Security

Introducing the OpenSSF Ambassador Program

We're excited to launch the OpenSSF Ambassador Program - a global community of advocates who will help us promote secure open source development practices worldwide.

Blog Community Open Source OpenSSF OSSSecurity

Kusari Partners with OpenSSF to Strengthen Open Source Software Supply Chain Security

Blog Guest Blog AI security Cybersecurity DevOps GUAC Kusari Kusari Inspector Open Source Security OpenSSF SLSA Software Dependencies Software Supply Chain vulnerability management

OpenSSF Celebrates New Members, No-Cost Tooling, and Project Milestones

Blog Press Release AI security Cyber Resilience Act Gemara Project Helvethink Kusari Inspector Open Source Security Open Source SecurityCon Europe OpenSSF Quantrexion SLSA Spectro Cloud

Leading Tech Coalition Invests $12.5 Million Through OpenSSF and Alpha-Omega to Strengthen Open Source Security

Blog AI security Alpha-Omega Artificial Intelligence Cybersecurity Investment Linux Foundation Maintainer Support Open Source Security OpenSSF Software Supply Chain vulnerability management

Linux Foundation Announces $12.5 Million in Grant Funding from Leading Organizations to Advance Open Source Security

Blog Press Release AI Alpha-Omega Amazon Web Services (AWS) Anthropic Cybersecurity GitHub Google Google DeepMind Grant Funding Linux Foundation Microsoft Open Source Security OpenAI OpenSSF

KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon

Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.

Blog Guest Blog Community community events Cyber Resilience Act Linux Foundation Open Source

Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation

Agentic AI systems and AI-driven software workflows are evolving quickly, with more people building on top of them. With that shift comes new questions around trust, control, provenance, and secure interaction between models, tools, and users. Traditional cybersecurity models are being pushed to their limits, and the security stakes have never been higher.

Blog agentic AI AI/ML OpenSSF OSS Community OSS Security Tech Talk

First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”

Blog EU Cyber Resilience Act Global Cyber Policy Guest Blog Community CRA Cyber Resilience Act FOSDEM OpenSSF

Introducing the Gemara Model

Blog Guest Blog Automated Governance Compliance-as-Code GRC Engineering Open Source Security