OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF)
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
Together, we're securing the open source ecosystem
http://openssf.org
#OSSSecurity #OpenSSFCommunity
🗣️ Our newest Zarf Tech Talk recap is live! 📹
This Tech Talkbrought together experts from Sonatype, Defense Unicorns, and Boeing to break down one of the biggest challenges in secure software delivery: operating in disconnected or restricted environments.
#Zarf #DevSecOps
This Tech Talkbrought together experts from Sonatype, Defense Unicorns, and Boeing to break down one of the biggest challenges in secure software delivery: operating in disconnected or restricted environments.
#Zarf #DevSecOps
Tech Talk: Simplifying DevSecOps in Air-Gapped Environments with Zarf
YouTube video by OpenSSF
youtube.com
November 18, 2025 at 7:31 PM
🗣️ Our newest Zarf Tech Talk recap is live! 📹
This Tech Talkbrought together experts from Sonatype, Defense Unicorns, and Boeing to break down one of the biggest challenges in secure software delivery: operating in disconnected or restricted environments.
#Zarf #DevSecOps
This Tech Talkbrought together experts from Sonatype, Defense Unicorns, and Boeing to break down one of the biggest challenges in secure software delivery: operating in disconnected or restricted environments.
#Zarf #DevSecOps
💬 Last month, LF Europe (@linuxfoundationeu.bsky.social), OpenSSF, and CEPS brought the open source community together in Ghent and Brussels for a full week of conversations on security, collaboration, and Europe’s digital future.
Read the recap: openssf.org/blog/2025/11...
#OSSSecurity
Read the recap: openssf.org/blog/2025/11...
#OSSSecurity
November 17, 2025 at 9:19 PM
💬 Last month, LF Europe (@linuxfoundationeu.bsky.social), OpenSSF, and CEPS brought the open source community together in Ghent and Brussels for a full week of conversations on security, collaboration, and Europe’s digital future.
Read the recap: openssf.org/blog/2025/11...
#OSSSecurity
Read the recap: openssf.org/blog/2025/11...
#OSSSecurity
OpenSSF sponsored OSFF NYC to help the financial sector strengthen its use of open source through practical security guidance.
Thank you to the speakers from our community and to FINOS for bringing everyone together.
Learn more: openssf.org/blog/2025/11...
Thank you to the speakers from our community and to FINOS for bringing everyone together.
Learn more: openssf.org/blog/2025/11...
November 13, 2025 at 3:06 PM
OpenSSF sponsored OSFF NYC to help the financial sector strengthen its use of open source through practical security guidance.
Thank you to the speakers from our community and to FINOS for bringing everyone together.
Learn more: openssf.org/blog/2025/11...
Thank you to the speakers from our community and to FINOS for bringing everyone together.
Learn more: openssf.org/blog/2025/11...
News from Open Source #SecurityCon
New members: Target and Thread AI
Membership upgrade: OSTIF
Golden Egg Awards go to Sarah Evans, Justin Cappos, Patrick Zielinski, Evan Anderson and Brandt Keller 🎉
openssf.org/press-releas...
New members: Target and Thread AI
Membership upgrade: OSTIF
Golden Egg Awards go to Sarah Evans, Justin Cappos, Patrick Zielinski, Evan Anderson and Brandt Keller 🎉
openssf.org/press-releas...
November 10, 2025 at 2:40 PM
News from Open Source #SecurityCon
New members: Target and Thread AI
Membership upgrade: OSTIF
Golden Egg Awards go to Sarah Evans, Justin Cappos, Patrick Zielinski, Evan Anderson and Brandt Keller 🎉
openssf.org/press-releas...
New members: Target and Thread AI
Membership upgrade: OSTIF
Golden Egg Awards go to Sarah Evans, Justin Cappos, Patrick Zielinski, Evan Anderson and Brandt Keller 🎉
openssf.org/press-releas...
Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies.
📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213
#SBOM #OSSSecurity
📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213
#SBOM #OSSSecurity
November 5, 2025 at 9:44 PM
Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies.
📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213
#SBOM #OSSSecurity
📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213
#SBOM #OSSSecurity
How can open source maintainers prove their project’s security posture?
💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight.
openssf.org/podcast/2025...
#OpenSSF
💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight.
openssf.org/podcast/2025...
#OpenSSF
November 4, 2025 at 3:10 PM
How can open source maintainers prove their project’s security posture?
💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight.
openssf.org/podcast/2025...
#OpenSSF
💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight.
openssf.org/podcast/2025...
#OpenSSF
ICYMI 👻 Attackers are using AI… and it’s spooky.
Great insights from Hugo Huang + Canonical on why securing AI is the next battleground and how open source helps.
Read more 👉 openssf.org/blog/2025/08...
#OpenSSF
Great insights from Hugo Huang + Canonical on why securing AI is the next battleground and how open source helps.
Read more 👉 openssf.org/blog/2025/08...
#OpenSSF
October 31, 2025 at 4:38 PM
ICYMI 👻 Attackers are using AI… and it’s spooky.
Great insights from Hugo Huang + Canonical on why securing AI is the next battleground and how open source helps.
Read more 👉 openssf.org/blog/2025/08...
#OpenSSF
Great insights from Hugo Huang + Canonical on why securing AI is the next battleground and how open source helps.
Read more 👉 openssf.org/blog/2025/08...
#OpenSSF
🚨 Zarf Tech Talk happening next Thursday 2PM ET!
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments.
Register: openssf.org/resources/te...
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments.
Register: openssf.org/resources/te...
October 30, 2025 at 8:52 PM
🚨 Zarf Tech Talk happening next Thursday 2PM ET!
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments.
Register: openssf.org/resources/te...
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments.
Register: openssf.org/resources/te...
🚨 Zarf Tech Talk happening next Thursday 2PM ET!
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly, no connection required.
Register: openssf.org/resources/te...
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly, no connection required.
Register: openssf.org/resources/te...
October 30, 2025 at 8:50 PM
🚨 Zarf Tech Talk happening next Thursday 2PM ET!
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly, no connection required.
Register: openssf.org/resources/te...
Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly, no connection required.
Register: openssf.org/resources/te...
Stay informed in the fast-moving world of open source security. The October #OpenSSF Newsletter covers AI security, SBOM evolution, OpenSSF Scorecard improvements, and upcoming events built for developers.
Read the full update: openssf.org/newsletter/2...
Read the full update: openssf.org/newsletter/2...
October 29, 2025 at 8:26 PM
Stay informed in the fast-moving world of open source security. The October #OpenSSF Newsletter covers AI security, SBOM evolution, OpenSSF Scorecard improvements, and upcoming events built for developers.
Read the full update: openssf.org/newsletter/2...
Read the full update: openssf.org/newsletter/2...
📣 Our next Tech Talk is around the corner. Hear from experts from Defense Unicorns, Boeing, and Sonatype as they talk about how OpenSSF project #Zarf simplifies software delivery in disconnected or semi-connected environments.
📅 Sign-up now: openssf.org/resources/te...
#openssf
📅 Sign-up now: openssf.org/resources/te...
#openssf
October 27, 2025 at 8:25 PM
📣 Our next Tech Talk is around the corner. Hear from experts from Defense Unicorns, Boeing, and Sonatype as they talk about how OpenSSF project #Zarf simplifies software delivery in disconnected or semi-connected environments.
📅 Sign-up now: openssf.org/resources/te...
#openssf
📅 Sign-up now: openssf.org/resources/te...
#openssf
The global push for #SBOM standards is reshaping how we approach cybersecurity and transparency. 🌍
Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.
openssf.org/blog/2025/10...
Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.
openssf.org/blog/2025/10...
October 22, 2025 at 4:51 PM
The global push for #SBOM standards is reshaping how we approach cybersecurity and transparency. 🌍
Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.
openssf.org/blog/2025/10...
Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security.
openssf.org/blog/2025/10...
💬 “You are not alone. It’s totally OK to ask for help.” — Seth Larson
In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together.
🎧 Listen: openssf.org/podcast/2025...
#OpenSSFCommunity
In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together.
🎧 Listen: openssf.org/podcast/2025...
#OpenSSFCommunity
October 21, 2025 at 1:51 PM
💬 “You are not alone. It’s totally OK to ask for help.” — Seth Larson
In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together.
🎧 Listen: openssf.org/podcast/2025...
#OpenSSFCommunity
In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together.
🎧 Listen: openssf.org/podcast/2025...
#OpenSSFCommunity
❓What’s new in the #OSPS Baseline?
The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices.
baseline.openssf.org/release_note...
The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices.
baseline.openssf.org/release_note...
October 17, 2025 at 5:35 PM
❓What’s new in the #OSPS Baseline?
The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices.
baseline.openssf.org/release_note...
The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices.
baseline.openssf.org/release_note...
💚 #OSS thrives when communities are welcoming and inclusive.
Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF
🎧 www.youtube.com/watch?v=Us_M...
Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF
🎧 www.youtube.com/watch?v=Us_M...
GR-OSS OUT Podcast Episode 15: Stacey Potter - Building Welcoming Communities
YouTube video by GR Open Source Software
www.youtube.com
October 17, 2025 at 2:24 PM
💚 #OSS thrives when communities are welcoming and inclusive.
Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF
🎧 www.youtube.com/watch?v=Us_M...
Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF
🎧 www.youtube.com/watch?v=Us_M...
🚀 Ready to build software securely in the age of AI?
#AI code assistants can boost productivity, but they can also introduce real security risks.
Earn your digital badge in just one hour and write safer, smarter code.
📘 openssf.org/blog/2025/10...
👉 training.linuxfoundation.org/express-lear...
#AI code assistants can boost productivity, but they can also introduce real security risks.
Earn your digital badge in just one hour and write safer, smarter code.
📘 openssf.org/blog/2025/10...
👉 training.linuxfoundation.org/express-lear...
October 16, 2025 at 3:27 PM
🚀 Ready to build software securely in the age of AI?
#AI code assistants can boost productivity, but they can also introduce real security risks.
Earn your digital badge in just one hour and write safer, smarter code.
📘 openssf.org/blog/2025/10...
👉 training.linuxfoundation.org/express-lear...
#AI code assistants can boost productivity, but they can also introduce real security risks.
Earn your digital badge in just one hour and write safer, smarter code.
📘 openssf.org/blog/2025/10...
👉 training.linuxfoundation.org/express-lear...
42 is the answer to life, the universe… and everything.
For #OpenSSF, it’s the answer to secure AI development.
Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012
🎧 Listen → openssf.org/podcast/2025...
🎓 Enroll → training.linuxfoundation.org/express-lear...
For #OpenSSF, it’s the answer to secure AI development.
Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012
🎧 Listen → openssf.org/podcast/2025...
🎓 Enroll → training.linuxfoundation.org/express-lear...
October 16, 2025 at 1:02 PM
42 is the answer to life, the universe… and everything.
For #OpenSSF, it’s the answer to secure AI development.
Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012
🎧 Listen → openssf.org/podcast/2025...
🎓 Enroll → training.linuxfoundation.org/express-lear...
For #OpenSSF, it’s the answer to secure AI development.
Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012
🎧 Listen → openssf.org/podcast/2025...
🎓 Enroll → training.linuxfoundation.org/express-lear...
🎉 The new #Sigstore Rekor transparency log public dataset is now available on BigQuery!
This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.
🔗 Read: openssf.org/blog/2025/10...
This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.
🔗 Read: openssf.org/blog/2025/10...
October 15, 2025 at 7:20 PM
🎉 The new #Sigstore Rekor transparency log public dataset is now available on BigQuery!
This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.
🔗 Read: openssf.org/blog/2025/10...
This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem.
🔗 Read: openssf.org/blog/2025/10...
Heading to #PyTorchCon 2025? Don’t miss our BoF on Applying DevSecOps Lessons to MLSecOps (Oct 23 | 10:30 AM PDT).
Join Jeff Diecks + Mihai Maruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.
👉 sched.co/27QQG
#OpenSSF #MLSecOps
Join Jeff Diecks + Mihai Maruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.
👉 sched.co/27QQG
#OpenSSF #MLSecOps
October 14, 2025 at 8:00 PM
Heading to #PyTorchCon 2025? Don’t miss our BoF on Applying DevSecOps Lessons to MLSecOps (Oct 23 | 10:30 AM PDT).
Join Jeff Diecks + Mihai Maruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.
👉 sched.co/27QQG
#OpenSSF #MLSecOps
Join Jeff Diecks + Mihai Maruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG.
👉 sched.co/27QQG
#OpenSSF #MLSecOps
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard.
With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. .
Read to learn more:🔗 openssf.org/blog/2025/10...
With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. .
Read to learn more:🔗 openssf.org/blog/2025/10...
October 10, 2025 at 5:42 PM
The @ostifofficial.bsky.social recently completed a security audit of #OpenSSFScorecard.
With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. .
Read to learn more:🔗 openssf.org/blog/2025/10...
With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. .
Read to learn more:🔗 openssf.org/blog/2025/10...
Financial services run on open source, and #OpenSSF is helping make it more secure.
At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security
📖Read the blog: openssf.org/blog/2025/10...
At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security
📖Read the blog: openssf.org/blog/2025/10...
October 9, 2025 at 8:07 PM
Financial services run on open source, and #OpenSSF is helping make it more secure.
At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security
📖Read the blog: openssf.org/blog/2025/10...
At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security
📖Read the blog: openssf.org/blog/2025/10...
Security is no longer optional -- it’s essential.
Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.
Read more 👇
🔗 openssf.org/blog/2025/10...
Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.
Read more 👇
🔗 openssf.org/blog/2025/10...
October 8, 2025 at 7:09 PM
Security is no longer optional -- it’s essential.
Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.
Read more 👇
🔗 openssf.org/blog/2025/10...
Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.
Read more 👇
🔗 openssf.org/blog/2025/10...
New #podcast episode 🎙️
AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.
Listen → openssf.org/podcast/2025...
AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.
Listen → openssf.org/podcast/2025...
October 7, 2025 at 4:11 PM
New #podcast episode 🎙️
AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.
Listen → openssf.org/podcast/2025...
AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.
Listen → openssf.org/podcast/2025...
⏪ On September 24, OpenSSF hosted a Tech Talk with experts on securing the #AI/ML lifecycle. Recording & slides now available: openssf.org/resources/te...
📖 Read the recap: openssf.org/blog/2025/10...
#OSSecurity
📖 Read the recap: openssf.org/blog/2025/10...
#OSSecurity
October 2, 2025 at 6:59 PM
⏪ On September 24, OpenSSF hosted a Tech Talk with experts on securing the #AI/ML lifecycle. Recording & slides now available: openssf.org/resources/te...
📖 Read the recap: openssf.org/blog/2025/10...
#OSSecurity
📖 Read the recap: openssf.org/blog/2025/10...
#OSSecurity
🎉 The September #OpenSSF Newsletter is live!
CRA + SBOM updates
Golden Egg Awards 🥚
AI/ML security resources
OpenSSF Community Day Europe & India recaps
New podcasts + free courses
openssf.org/newsletter/2...
CRA + SBOM updates
Golden Egg Awards 🥚
AI/ML security resources
OpenSSF Community Day Europe & India recaps
New podcasts + free courses
openssf.org/newsletter/2...
September 30, 2025 at 3:23 PM
🎉 The September #OpenSSF Newsletter is live!
CRA + SBOM updates
Golden Egg Awards 🥚
AI/ML security resources
OpenSSF Community Day Europe & India recaps
New podcasts + free courses
openssf.org/newsletter/2...
CRA + SBOM updates
Golden Egg Awards 🥚
AI/ML security resources
OpenSSF Community Day Europe & India recaps
New podcasts + free courses
openssf.org/newsletter/2...