FOSDEM is one of Europe’s most important gatherings for open source communities, and OpenSSF will participate again in 2026. The event brings together developers, maintainers, researchers, and industry contributors for…
Read More
Open Source & Security Africa (OSSAfrica) is a community-led initiative bringing together people who care about open source and security across the continent. We're building connections between contributors, software developers,…
Read More
The Cyber Resilience Act (CRA) represents a significant evolution in the European Union’s approach to product cybersecurity and software supply chain risk. Article 25 explicitly recognizes the unique role of…
Read More
Each year, the Open Source Security Foundation (OpenSSF) focuses its content and engagement on the security topics that matter most to the open source community. In 2026, we are organizing…
Read More
There is a particular feeling that comes with wearing a conference badge that carries more weight than your name. It is the quiet awareness that you are not just attending…
Read More
Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race.
Read More
The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve…
Read More
This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development.
Read More
This is part 1 of a 2-part article discussing the impact of Artificial Intelligence (AI) on software development. In this part, I’ll note that AI use during software development is…
Read More
Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.
Read More