Blog

Leading Tech Coalition Invests $12.5 Million Through OpenSSF and Alpha-Omega to Strengthen Open Source Security

Blog AI security Alpha-Omega Artificial Intelligence Cybersecurity Investment Linux Foundation Maintainer Support Open Source Security OpenSSF Software Supply Chain vulnerability management

Linux Foundation Announces $12.5 Million in Grant Funding from Leading Organizations to Advance Open Source Security

Blog Press Release AI Alpha-Omega Amazon Web Services (AWS) Anthropic Cybersecurity GitHub Google Google DeepMind Grant Funding Linux Foundation Microsoft Open Source Security OpenAI OpenSSF

KubeCon + CloudNativeCon Europe 2026 Co-located Event Deep Dive: Open Source SecurityCon

Open Source SecurityCon (evolved from Cloud Native SecurityCon) returns for its second event, co-located with KubeCon + CloudNativeCon Europe 2026. The conference advances innovation and collaboration across open source software security and cloud native security. It brings together creators, maintainers, operators, and consumers who are actively involved in securing the software ecosystem.

Blog Guest Blog Community community events Cyber Resilience Act Linux Foundation Open Source

Securing Agentic AI in Practice: From OpenSSF Guidance to Real-World Implementation

Agentic AI systems and AI-driven software workflows are evolving quickly, with more people building on top of them. With that shift comes new questions around trust, control, provenance, and secure interaction between models, tools, and users. Traditional cybersecurity models are being pushed to their limits, and the security stakes have never been higher.

Blog agentic AI AI/ML OpenSSF OSS Community OSS Security Tech Talk

First Steps Towards Cyber Resilience Act Conformity: Biking the CRA with Balena at FOSDEM 2026

Recently, I spoke at the Free and Open Source Developers' European Meeting (FOSDEM) 2026 on “First steps towards Cyber Resilience Act (CRA) conformity: A practical introduction to cybersecurity risk management.”

Blog EU Cyber Resilience Act Global Cyber Policy Guest Blog Community CRA Cyber Resilience Act FOSDEM OpenSSF

Introducing the Gemara Model

Blog Guest Blog Automated Governance Compliance-as-Code GRC Engineering Open Source Security

Your Voice Belongs Here: How to Get Involved in the OpenSSF Community

One of the most common misconceptions we hear in the OpenSSF community is that you need special permission to contribute. You do not.

Blog Community Contributors DevRel Marketing Membership Open Source OpenSSF OSSSecurity

Case Study: Defending the Open Source Supply Chain in a New Regulatory Era

Blog Case Studies EU Cyber Resilience Act Compliance CRA Open Source Security Red Hat Supply Chain Integrity

Getting an OpenSSF Baseline Badge with the Best Practices Badge System

Blog Best Practices Badge Cybersecurity Requirements Open Source Security OpenSSF OSPS Baseline

Advancing Package Repository Security Through Collaboration

On February 2nd, the Open Source Security Foundation (OpenSSF) convened the OpenSSF Package Manager Security Forum, a cross-ecosystem working session focused on one of the most critical and complex challenges facing open source today: package repository security.

Blog OpenSSF OSSSecurity Package Manager Security Forum Package Repository Security