At the end of October 2025, the Linux Foundation Europe, OpenSSF, and CEPS brought together developers, maintainers, policymakers, and industry leaders for conversations on open source, security, and Europeās digital future. Through keynotes, workshops, and policy-focused sessions, the week created much-needed clarity around the Cyber Resilience Act (CRA) and, more broadly, the EU cybersecurity policy,…
At Open Source SecurityCon in Atlanta, the Open Source Security Foundation (OpenSSF) announced Target Corporation and Thread AI as new general members, OSTIFās upgrade to general membership, and recognized Golden Egg Award winners for their contributions to open source security. The Foundation continues to advance education, collaboration, and tooling to secure the global software supply…
OpenSSF sponsored the Open Source Finance Forum in New York, highlighting how collaboration between open source maintainers and the financial sector drives stronger cybersecurity. Talks covered AI security, the OSPS Baseline, and stabilizing vulnerability data, helping financial institutions build trust and resilience through open source.
By Madalin Neag, Kate Stewart, and David A. Wheeler In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created...
The Open Source Security Foundation (OpenSSF) has launched a new free course, Secure AI/ML-Driven Software Development (LFEL1012), authored by David A. Wheeler. As AI and machine learning become core to modern software development, this course helps developers understand and mitigate the security risks associated with AI code assistants. In just one hour, learners will gain…
Weāre pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstoreās transparency log, Rekor.
This blog was originally published on the OSTIF website on October 9, 2025 by Helen Wooste TheĀ Open Source Technology Improvement FundĀ is proud to share the results of our security audit...
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security. These talks demonstrate how our…
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon alongside theĀ Open Source Security Foundation (OpenSSF), the event has become a gathering place for anyone passionate about securing our…
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available.
