Blog
Advancing Package Repository Security Through Collaboration
On February 2nd, the Open Source Security Foundation (OpenSSF) convened the OpenSSF Package Manager Security Forum, a cross-ecosystem working session focused on one of the most critical and complex challenges facing open source today: package repository security.
EU Cyber Resilience Act (CRA) in Practice @ FOSDEM 2026: From Awareness to Action
Over the past few years, the free and open source (FOSS) community has engaged deeply with the CRA, highlighting its significance and potential impact.
Security Slam 2026
Security Slam 2026 is a 30-day event that begins February 20 and culminates in an awards ceremony at KubeCon + CloudNativeCon Europe (KCCN EU).
Fill Out All The Margins 📖: OpenSSF Releases Compiler Annotations Guide for C and C++
OpenSSF’s new Compiler Annotations for C and C++ guide helps developers use compiler-specific annotations to communicate code intent to the compiler, improve diagnostics, improve optimizations, and provide stronger security and correctness guarantees.
Have a Security Lesson Worth Sharing? Submit a Talk at OpenSSF Community Day North America
OpenSSF Community Day North America is happening this year in Minneapolis, and the Call for Proposals (CFP) is open through February 15.
Join Us at Open Source SecurityCon Europe 2026 in Amsterdam
Open Source SecurityCon Europe is approaching, which means we’ll be gathering again in Amsterdam this spring for one of the most focused, practitioner-driven events in open source security. Save your spot, register now, and add your favorite sessions to your calendar from the agenda.
OpenSSF at FOSDEM 2026: From Policy to Practical Security
FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for two days of technical talks, hallway discussions, and collaboration.
Strengthening Open Source Security Through Community: Introducing OSSAfrica
Open Source & Security Africa (OSSAfrica) is a community-led initiative bringing together people who care about open source and security across the continent. We're building connections between contributors, software developers, maintainers, researchers, and security professionals.
Preserving Open Source Sustainability While Advancing Cybersecurity Compliance
The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of free and open source software (FOSS) and seeks to facilitate compliance for manufacturers by enabling voluntary security attestation programmes for FOSS.