OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF)
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
⏰ The CFP for #OpenSSFCommunity Day North America is closing February 15.

Read the blog and learn about:
✅ The types of topics we’re looking for
✅ What makes a strong, community-driven proposal
✅ Key dates you don’t want to miss

openssf.org/blog/2026/02...
February 10, 2026 at 9:33 PM
New podcast 🎙️

How did the AI Cyber Challenge go from skepticism to success?

Start with AIxCC Part 1 – From Skepticism to Success and hear how #AIxCC reshaped thinking around AI + cybersecurity.

Part 1 kicks off a 4-episode series: openssf.org/podcast/2026...
February 10, 2026 at 3:06 PM
Open Source #SecurityCon Europe 2026 is heading to Amsterdam 🇳🇱

This blog highlights speakers & perspectives from across the OpenSSF community, all bringing hands-on experience from production environments.

Read the blog: openssf.org/blog/2026/02...

#OSSSecurity
February 3, 2026 at 8:21 PM
CFPs don’t have to be scary.
Learn how to get your conference talk accepted, avoid common pitfalls, and show up with confidence. 🎤
New What’s in the SOSS episode out now.

openssf.org/podcast/2026...
February 3, 2026 at 3:25 PM
🔐 Open source security in 2026 is taking shape.

The January newsletter covers CRA readiness, 2026 themes, VEX adoption, AI security, and upcoming community events like #FOSDEM and Open Source SecurityCon Europe.

openssf.org/newsletter/2...
January 29, 2026 at 4:59 PM
OpenSSF community will be at #FOSDEM2026 this week, bringing practical perspectives on CRA readiness, vulnerability intelligence, SBOMs, and software supply chain security 🔐

Read the blog and find out where to find us & what not to miss: openssf.org/blog/2026/01...

#OSSSecurity
January 28, 2026 at 5:03 PM
Season 3 of What’s in the SOSS? starts now 🎙️

We’re welcoming Sally Cooper as an official co-host and talking about why #marketing matters in open source, why trust is the real currency, and how people find their way into the OpenSSF community.

openssf.org/podcast/2026...
January 27, 2026 at 2:25 PM
🎉 We’re excited to share a new blog introducing OSSAfrica, an OpenSSF community-led initiative focused on strengthening open source security across Africa by bringing people together across roles, experience levels, and geographies.

Read: openssf.org/blog/2026/01...

#OSSSecurity
January 22, 2026 at 9:41 PM
“Open source provides inputs, not regulated products.” 🧩

Madalin explains why #CRA upstream self-attestation risks shifting responsibility to maintainers, and why automation, machine-readable metadata, and downstream accountability scale better.

Read the blog: openssf.org/blog/2026/01...
January 21, 2026 at 4:31 PM
🎉 OpenSSF’s 2026 Themes are here, and so is Honk’s 2026 Vision Board, inspired by our new blog post that outlines the community roadmap for securing the future of open source!

Read the blog & see how themes align with our 2026 priorities: openssf.org/blog/2026/01...

#OSSSecurity
January 15, 2026 at 9:33 PM
🚨 CFP is open for #OpenSSFCommunity Day North America, and we want to hear from YOU!!

This is a community conference focused on sharing what’s working, what’s hard, and what others can learn.

🗓️ CFP closes: February 15

👉 Submit your proposal: events.linuxfoundation.org/openssf-comm...
Call For Proposals (CFP) | LF Events
OpenSSF Community Days bring together a vibrant community from across the Security and Open Source ecosystems to share ideas and progress on capabilities that make it easier to sustainably secure the…
January 15, 2026 at 5:29 PM
ICYMI: The latest What’s in the SOSS? #podcast celebrates OpenSSF’s 5-year anniversary and recaps a huge year for open source security.

🎧 Listen here: openssf.org/podcast/2025...
January 13, 2026 at 2:35 PM
Conference badges can mean more than a name 🎟️

Madalin shares what it has meant to represent the Open Source Security Foundation and The Linux Foundation across Europe 🌍 from #opensource events to policy rooms and standards discussions.

Read the story: openssf.org/blog/2026/01...

#OSSSecurity
January 9, 2026 at 3:03 PM
🔍 VEX promises clarity in vulnerability management, but adoption is still uneven.

This #OpenSSF community paper looks at:
• What’s working (and what isn’t)
• CSAF vs OpenVEX vs SPDX vs CycloneDX
• Tooling gaps, trust, and regulation
...and more.

🔗: openssf.org/blog/2026/01...
January 8, 2026 at 8:45 PM
👀 Everyone’s talking about the #OSPSBaseline.

This new blog serves as a "Resource Hub" where you can learn what it is, see it in action, and understand how open source projects can improve security over time.

📎 Read: openssf.org/blog/2026/01...
January 7, 2026 at 9:07 PM
📖 Part 2 of this blog series shares practical tips for using #AI in software development, avoiding “vibe coding,” & strengthening security through human review & intent.

Take a clear look at where AI helps, where it doesn’t, & what comes next: openssf.org/blog/2026/01...
January 5, 2026 at 9:55 PM
🎙️ "What's in the SOSS?" Podcast Season Finale is live!

Join co-hosts CRob & Yesenia for a special season finale celebrating OpenSSF’s 5th anniversary, & a look back at a truly transformative year for open source security. 🛡️

🎧 Listen: openssf.org/podcast/2025...

#OSSSecurity
December 30, 2025 at 6:15 PM
💻 AI is now the norm in software development, but security hasn’t caught up.

This blog explains:
• Why productivity is driving #AI adoption
• Where AI-generated code creates real security risk
• What developers need to watch out for

Read Part 1:
openssf.org/blog/2025/12...
December 29, 2025 at 7:57 PM
🧑‍🌾 bomctl makes SBOMs easier to work with by handling format and version differences for you. Convert between SPDX and CycloneDX, upgrade spec versions, and link #SBOMs across suppliers and systems.

Watch the OpenSSF Project Spotlight about #bomctl: youtu.be/Tax1pNaySYQ?...
Inside the bomctl Project: Bridging SBOM Generation & Analysis | OpenSSF Project Spotlight
December 22, 2025 at 9:33 PM
OpenSSF-funded improvements to sigstore’s rekor-monitor are making transparency logs easier to monitor for malicious package releases and identity misuse.

Great work by Trail of Bits, with support from the sigstore maintainers Hayden Blauzvern and Mihai Maruseac.

openssf.org/blog/2025/12...
December 19, 2025 at 6:19 PM
As 2025 comes to a close, we’re grateful for the people behind open source security.

Thank you for your collaboration, commitment, and community spirit.

📘 Explore the 2025 OpenSSF Annual Report: openssf.org/download-the...

Happy Holidays from the #OpenSSFCommunity.
December 19, 2025 at 5:24 PM
The December 2025 #OpenSSF Newsletter is live 🎉

Featuring the 2025 Annual Report, free education courses, new podcast episodes, project updates, and upcoming events across the open source security community.

Read it here 👉 openssf.org/newsletter/2...
December 18, 2025 at 3:54 PM
🛡️ #gittuf brings supply chain security to the source itself - applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.

🎥: youtu.be/bQ-GHyHJcbc?...
Inside the gittuf Project: Platform-Agnostic Git Security | OpenSSF Project Spotlight
December 17, 2025 at 9:33 PM
🎙️ New episode of What’s in the SOSS is live!

Justin Cappos from @nyutandon.bsky.social joins #OpenSSF to talk about software supply chain security education, open source collaboration, and preparing students for real world security work.

🎧 Listen here: openssf.org/podcast/2025...
December 16, 2025 at 2:46 PM
When a new vulnerability drops, the first question is always: Is this in my supply chain? 🔍

By ingesting and enriching #SBOMs with vulnerability and dependency data, #GUAC lets you query your entire application portfolio and pinpoint where action is needed immediately.

🎥 youtu.be/uDT0xes5ico?...
GUAC: Mapping Software Relationships for Supply Chain Security | OpenSSF Project Spotlight
December 15, 2025 at 9:28 PM