OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF)
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?...
Inside the bomctl Project: Bridging SBOM Generation & Analysis | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 22, 2025 at 9:33 PM
OpenSSF-funded improvements to sigstore’s rekor-monitor are making transparency logs easier to monitor for malicious package releases and identity misuse.

Great work by Trail of Bits, with support from the sigstore maintainers Hayden Blauzvern and Mihai Maruseac.

openssf.org/blog/2025/12...
December 19, 2025 at 6:19 PM
As 2025 comes to a close, we’re grateful for the people behind open source security.

Thank you for your collaboration, commitment, and community spirit.

📘 Explore the 2025 OpenSSF Annual Report: openssf.org/download-the...

Happy Holidays from the #OpenSSFCommunity.
December 19, 2025 at 5:24 PM
The December 2025 #OpenSSF Newsletter is live 🎉

Featuring the 2025 Annual Report, free education courses, new podcast episodes, project updates, and upcoming events across the open source security community.

Read it here 👉 openssf.org/newsletter/2...
December 18, 2025 at 3:54 PM
🛡️ #gittuf brings supply chain security to the source itself - applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.

🎥 : youtu.be/bQ-GHyHJcbc?...
Inside the gittuf Project: Platform-Agnostic Git Security | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 17, 2025 at 9:33 PM
🎙️ New episode of What’s in the SOSS is live!

Justin Cappos from @nyutandon.bsky.social joins #OpenSSF to talk about software supply chain security education, open source collaboration, and preparing students for real world security work.

🎧 Listen here: openssf.org/podcast/2025...
December 16, 2025 at 2:46 PM
When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

🎥 youtu.be/uDT0xes5ico?...
GUAC: Mapping Software Relationships for Supply Chain Security | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 15, 2025 at 9:28 PM
💡 This week’s OpenSSF Project Spotlight explores the Model Signing project with Mihai. Learn how verified model signatures help trainers & developers ensure their models haven’t been altered, and why lightweight, flexible signing beats container-bound approaches.

👀 youtu.be/P1AE23uZQ50?...

#AIML
Inside the OpenSSF Model Signing Project: Securing the ML Supply Chain | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 12, 2025 at 9:00 PM
💡 Read the final post of the From Beginner to Builder blog series, where we highlight free courses that help contributors build confidence across AI/ML #security, policy & compliance, ethics, inclusion, & community leadership and more!

Read now: openssf.org/blog/2025/12...
December 12, 2025 at 8:29 PM
🎉 We’re excited to share our 2025 Annual Report, highlighting the milestones & collective achievements that shaped this year. Read the blog for a first glimpse into the stories, challenges, and quiet breakthroughs behind the numbers.

📘 Blog: openssf.org/blog/2025/12...

#OpenSSF #2025Wrapped
December 11, 2025 at 9:54 PM
💡 How can developers work with SBOMs without worrying about formats, parsers, or complex tooling?

⚙️ Puerco introduces #Protobom, a universal I/O layer for SBOM data that lets you read and write any SBOM format through a single, unified abstraction.

Learn more: youtu.be/YhdRE6IdUuw?...
Protobom Project Explained: A Unified Protocol Buffers Model for SBOMs | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 8, 2025 at 9:00 PM
🇰🇷 #OpenSSFCommunity Day Korea took place this November in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.

💬 If you missed the event, don’t miss the full recap: openssf.org/blog/2025/12...
December 5, 2025 at 6:39 PM
🌟 Security Insight: A New OpenSSF Project Highlight

Eddie Knight explains Security Insights, an OpenSSF specification that assists projects in publishing important security statistics in an organized, machine-readable way.

Watch the video: youtu.be/kWpncbcqscc?...

#OpenSSF
Security Insights: Machine-Readable Security Metadata for Open Source | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 4, 2025 at 4:17 PM
#CyberWeek is LIVE! ⚡

Hear from David A. Wheeler on why now is the best time to build your security skills. From Dec 1–9, get Linux Foundation Education's biggest course savings!

Your future self will thank you.

➡️ training.linuxfoundation.org/cyber-week-2...

➡️ openssf.org/training/
December 3, 2025 at 3:35 PM
New What’s in the SOSS episode with Jay White from Microsoft. We talk AI, model signing, supply chain security, and why community collaboration matters.

Listen here: openssf.org/podcast/2025...

#OpenSSF
December 2, 2025 at 2:47 PM
💡 OpenSSF Project Highlight: Sigstore - A Wax Seal of Security for the Digital Era

❓ Why this matters: the Sigstore project is building a modern, transparent trust layer for open source.

Watch this interview and learn more about #Sigstore: youtu.be/m5eTw4x33kU?...
Sigstore: A Wax Seal of Security for the Digital Era | OpenSSF Project Spotlight
YouTube video by OpenSSF
December 1, 2025 at 10:09 PM
🌟 New OpenSSF Project Spotlight 💃

In this interview, SLSA Steering Committee member Tom Hennen (Google) breaks down how SLSA is helping organizations strengthen trust across the software supply chain.

Watch the full Project Spotlight:
🔗 www.youtube.com/watch?v=gdYl...

#OpenSSF #SLSA #OSSSecurity
SLSA: Industry-Driven Guidelines for Software Supply Chain Security | OpenSSF Project Spotlight
YouTube video by OpenSSF
November 26, 2025 at 6:48 PM
The November #OpenSSF Newsletter is live.

Cyber Week deals, CRA insights, OSFF NYC highlights, new members, podcasts, Zarf, OpenBao, SBOM updates, and more.

openssf.org/newsletter/2...
November 25, 2025 at 4:09 PM
👂 Think you know OpenSSF projects?
🕙 Check out our new “OpenSSF Projects in Less Than 5 Minutes” series.
🌟 Today’s spotlight: #Zarf -- simplifying cloud-native delivery in air-gapped and offline environments.
Watch: youtu.be/7uRjBfoGk3Q?...
Zarf Explained: DevSecOps for Air-Gapped & Offline Environments | OpenSSF Project Spotlight
YouTube video by OpenSSF
November 21, 2025 at 8:45 PM
Hey OpenSSF community, thinking about going to FOSDEM next year?

The #FOSDEM2026 devroom CFPs are now open, with just a little over a week left to submit!

Submit your proposals here: pretalx.fosdem.org/fosdem-2026
FOSDEM 2026
Schedule, talks and talk submissions for FOSDEM 2026
November 20, 2025 at 8:00 PM
Last week at #KubeCon, Stacey and Adolfo delivered one of the most memorable and entertaining keynotes.

This recap breaks down what happened on stage and why it captured so much attention across the conference. Read now: openssf.org/blog/2025/11...

#OSSSecurity
November 19, 2025 at 6:56 PM
SBOM versioning got you twisted? Stephanie Domas digs into patch drift, software sovereignty, EU CRA, and memory-safe sudo-rs in Ubuntu LTS. 🎧

openssf.org/podcast/2025...

#OpenSSF
November 19, 2025 at 2:23 PM
🗣️ Our newest Zarf Tech Talk recap is live! 📹

This Tech Talk brought together experts from Sonatype, Defense Unicorns, and Boeing to break down one of the biggest challenges in secure software delivery: operating in disconnected or restricted environments.

#Zarf #DevSecOps
Tech Talk: Simplifying DevSecOps in Air-Gapped Environments with Zarf
YouTube video by OpenSSF
November 18, 2025 at 7:31 PM
💬 Last month, LF Europe (@linuxfoundationeu.bsky.social), OpenSSF, and CEPS brought the open source community together in Ghent and Brussels for a full week of conversations on security, collaboration, and Europe’s digital future.

Read the recap: openssf.org/blog/2025/11...

#OSSSecurity
November 17, 2025 at 9:19 PM
OpenSSF sponsored OSFF NYC to help the financial sector strengthen its use of open source through practical security guidance.

Thank you to the speakers from our community and to FINOS for bringing everyone together.

Learn more: openssf.org/blog/2025/11...
November 13, 2025 at 3:06 PM