🤖 AI code assistants are changing how developers work, but speed shouldn’t come at the cost of security. This new Express Learning course from Linux Foundation Education and OpenSSF helps developers use AI responsibly, write more secure code, and review AI-generated changes with confidence. Learn how to build & review software securely in an AI-driven world: https://lnkd.in/egY8N-ac #AI #Security #Education
OpenSSF
IT Services and IT Consulting
San Francisco, CA 12,186 followers
Securing the open source ecosystem
About us
The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
- Website: https://openssf.org/
- Industry: IT Services and IT Consulting
- Company size: 201-500 employees
- Headquarters: San Francisco, CA
- Type: Nonprofit
- Founded: 2019
Locations
- Primary: 548 Market St, PMB 57274, San Francisco, CA 94104, US
Updates
-
📣 Hi OSS Community! Together with our friends at the Cloud Native Computing Foundation (CNCF), we’ll be co-hosting Open Source #SecurityCon Europe as a co-located event at KubeCon + CloudNativeCon Europe in Amsterdam 🇳🇱 on March 23, 2026. 🗓 Call for Proposals closes November 2, 2025! If you’re working on open source security, this is your chance to share your insights with the community. 🔗 Submit your proposal here: https://lnkd.in/eWetuPEb #OpenSSFCommunity #SecurityCon #KubeCon #OpenSourceSecurity
-
✨ Session Highlights: Frederick Kautz, TestifySec How do we secure the emerging Model Context Protocol (MCP)—the standard powering AI tool integration? At Open Source SecurityCon North America 2025, Frederick will introduce SAFE-MCP, a new security framework mapping 65 attack techniques across 14 tactics. 📣 SAFE-MCP: A Security Framework for AI+MCP (Model Context Protocol) 🗓️ Monday, November 10 | 1:30 – 1:55 PM EST | Atlanta, GA 📍 Building B | Level 3 | B304-305 🔗 View agenda + register: https://lnkd.in/eFf38eie #OpenSSF #Security #SupplyChain #OpenSourceSecurity #opensource #securitycon Cloud Native Computing Foundation (CNCF) #KubeCon #CloudNativeCon #CNCF #CloudNativeComputingFoundation
-
🚨 New Tech Talk happening next Thursday 2PM ET! (Register here: https://lnkd.in/eVXkygZS) What happens when your software can’t reach the internet? In many sectors and secure settings, constant connectivity isn’t an option, but software still needs to be delivered and secured. That’s where #Zarf comes in. Built by and for teams working in airgapped and semi-connected environments, Zarf makes software delivery simple, reliable, and secure (even when you’re completely offline). Join experts from Defense Unicorns, Sonatype, and Boeing next week for an OpenSSF Tech Talk to see how declarative packaging keeps Kubernetes and cloud-native workloads running smoothly, no connection required. Moderator: ⚙️ Eddie Knight (Sonatype) Speakers: Brandt Keller & Kit Patella (Defense Unicorns), Daniel Miller (Boeing) 🔗 https://lnkd.in/eVXkygZS #OpenSSFCommunity #DevSecOps #OpenSourceSecurity
-
Thanks to all who attended the European Open Source Security Forum with CEPS (Centre for European Policy Studies) today to connect policymakers and the open source community in Brussels. Working together to strengthen open source security across the EU. #OSSecurityForum #OpenSSF #OpenSourceSecurity
-
OpenSSF reposted this
Enjoyed the opportunity to speak at the European Open Source Security Forum in Brussels this morning, on a panel titled “Open Source Software and the Changing Regulatory Landscape in the EU,” co-hosted by OpenSSF and CEPS (Centre for European Policy Studies).

I repeated some of my recent messages – notably the mobilisation of the open source community around the CRA, and my hope that this engagement becomes sustained. Two current opportunities stand out:

- Revision of the Procurement Directive – a chance to promote non-price criteria that support sustainable open source, for example by allowing contracting authorities to favour vendors who contribute upstream to open source projects.
- Revision of Regulation 1025 – building on the policy innovation already seen in the CRA, such as the standardisation requiring that open source communities be consulted in the development of implementing standards. The public consultation is now open, making this a key moment to give concrete input on how the European standardisation system can be improved.

Many thanks to James Lovegrove for the moderation and to my fellow panelists Benjamin Bögel and Jeremy Rollison for an excellent discussion.
-
OpenSSF reposted this
At the European Open Source Security Forum in Brussels 🇧🇪, co-hosted by the Open Source Security Foundation (OpenSSF) and the CEPS (Centre for European Policy Studies), Gabriele Columbro, General Manager of Linux Foundation Europe and Executive Director of FINOS, shared his perspective on “Open Ecosystems are Sovereign.” “Sustainable open source depends on the complete life cycle of projects, products that the market will adopt and deploy, all while preventing new lock-ins.” Gabriele emphasized that true digital sovereignty comes from open collaboration and interoperability, not isolation. Building sustainable open ecosystems strengthens Europe’s capacity to innovate securely, foster trust, and maintain technological independence. #OSSecurityForum
-
OpenSSF reposted this
OpenSSF CEPS (Centre for European Policy Studies) Open Source Security Forum (https://lnkd.in/eWdFA5UX) in sunny Brussels! Great to see this thought leadership and collaboration with EU policy makers to defend open innovation in Europe. Many thanks to organisers and the fab line up of speakers Mirko Boehm lorenzo pupillo Madalin Neag Raluca Stefanuc Benjamin Bögel and many many more…
-
The Korean open source community is growing fast and security is top of mind for everyone building on open source. Join us in Seoul for #OpenSSFCommunity Day Korea to share knowledge and create stronger foundations together. Catch a preview with Hoon Jo and Ram Iyengar: https://lnkd.in/e-6VRJAC Register Today! https://lnkd.in/e_DQrCjc
OpenSSF Community Day Korea 2025 promo with Hoon Jo
-
✨ Session Highlight: Akhil Mahendra (Scapia) & Harsh Varagiya (CRED) At #OpenSSFCommunity Day Korea, discover DepConfuse, an open source tool that uses an SBOM-first approach to detect dependency confusion risks across ecosystems, without needing source code or build access. 📣 DepConfuse: SBOM-first Detection of Dependency Confusion 🗓️ Nov 4, 2025 | 12:40–12:55 KST 📍 Rose Room 🔗 View agenda + register: https://lnkd.in/egvt_7Ur #OpenSSF #CommunityDay #Korea #SupplyChain #SBOM #opensource #security