Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Apr 4, 2025 |
Launch of Model Signing v1.0: OpenSSF AI/ML Working Group Secures the Machine Learning Supply Chain
We are pleased to announce the launch of version 1.0 of the model-signing project, an OpenSSF project developed in the past year as part of the OpenSSF AI/ML working group. The aim of the project is to provide a library and CLI for signing and verification of ML models, supporting… Read more.
Mar 28, 2025 |
GuardDog: Strengthening Open Source Security Against Supply Chain Attacks
Datadog is a proud Open Source Security Foundation (OpenSSF) member, and we believe that being a part of this security community will lead us all to a safer place. Attackers are increasingly turning to supply chain attacks to distribute their malicious code, and the Open Source Vulnerabilities (OSV) database, to… Read more.
Mar 25, 2025 |
In Blog
Beyond the Software Bill of Materials (SBOM): Ensuring Integrity with Attestations ā Event Recap
On March 5th, the SBOMit community hosted the Beyond the SBOM: Ensuring Integrity with Attestations event at The National Press Club in Washington, D.C. This event, co-located with OpenSSF Policy Summit DC, brought together industry leaders to address the limitations of single SBOMs and even signed SBOMs in ensuring software… Read more.
Mar 24, 2025 |
What will my business need to do for the EU CRA?
The European Unionās Cyber Resilience Act (CRA) is a piece of legislation that covers all countries within the EU and the EAA and entered into force on 10th December 2024. It covers many types of devices and applications that are either sold or otherwise made commercially available in Europe and… Read more.
Mar 18, 2025 |
Linux Foundation Research Reports Reveal Wide Spectrum for Cyber Resilience Act Readiness and Compliance
SAN FRANCISCO ā March 18, 2024 āĀ TheĀ Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the publication of two groundbreaking research reports, both in partnership with theĀ Open Source Security FoundationĀ (OpenSSF) andĀ Linux Foundation EuropeĀ (LF Europe), that explore community-driven strategies to address open source security and theĀ European Unionās… Read more.
Mar 17, 2025 |
In Blog
CNCF & OpenSSF Announce Open Source SecurityCon 2025
TheĀ Cloud Native Computing Foundation (CNCF)Ā and theĀ Open Source Security Foundation (OpenSSF)Ā are thrilled to introduceĀ Open Source SecurityCon 2025āa premier event focused on strengthening cloud-native and open source software security. Read more.
Mar 14, 2025 |
OpenSSF Policy Summit DC 2025 Recap
The OpenSSF Policy Summit DC 2025 brought together open source, government, and industry leaders to tackle pressing security challenges. The event fostered open dialogue under the Chatham House Rule, emphasizing shared responsibility and commitment to strengthening the open source ecosystem. A Message from Steve Fernandez, OpenSSF General Manager,Ā "The OpenSSF… Read more.
Mar 11, 2025 |
OpenSSF Hosts 2025 Policy Summit in Washington, D.C. to Tackle Open Source Security Challenges
WASHINGTON, D.C. ā March 11, 2025 ā The Open Source Security Foundation (OpenSSF) successfully hosted its 2025 Policy Summit in Washington, D.C., on Tuesday, March 4. The summit brought together industry leaders and open source security experts to address key challenges in securing the software supply chain, with a focus… Read more.
Mar 6, 2025 |
In Blog
NEW FREE COURSE: Security for Software Development Managers (LFD125)
The Open Source Security Foundation and Linux Foundation Education have announced the launch of a new, free, cybersecurity e-Learning course, Security for Software Development Managers (LFD125). The course is designed for anyone who manages, or aspires to manage, developer teams. Read more.
Mar 6, 2025 |
In Blog
2025 OpenSSF Content Themes: Strengthening Open Source Security Throughout the Year
Each year, the Open Source Security Foundation (OpenSSF) is committed to securing the software supply chain through a year-long focus on key themes. Our content calendar aligns with critical security topics, industry events, and cybersecurity awareness initiatives. As we move through 2025, hereās how OpenSSF is strengthening software supply chain… Read more.