Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
Oct 22, 2025 |
SBOMs in the Era of the CRA: Toward a Unified and Actionable Framework
By Madalin Neag, Kate Stewart, and David A. Wheeler In our previous blog post, we explored how the Software Bill of Materials (SBOM) should not be a static artifact created only to comply with some regulation, but should be a decision ready tool. In particular, SBOMs can support risk management.… Read more.
Oct 16, 2025 |
In Blog
A New Course on Secure AI/ML-Driven Software Development
The Open Source Security Foundation (OpenSSF) has launched a new free course, Secure AI/ML-Driven Software Development (LFEL1012), authored by David A. Wheeler. As AI and machine learning become core to modern software development, this course helps developers understand and mitigate the security risks associated with AI code assistants. In just… Read more.
Oct 15, 2025 |
Announcing the Sigstore Transparency Log Research Dataset
We’re pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstore’s transparency log, Rekor. Read more.
Oct 10, 2025 |
OpenSSF Scorecard Audit is Complete!
This blog was originally published on the OSTIF website on October 9, 2025 by Helen Wooste The Open Source Technology Improvement Fund is proud to share the results of our security audit of OpenSSF Scorecard. OpenSSF Scorecard is an open source automated testing resource to help projects continually assess security risks. With the help… Read more.
Oct 9, 2025 |
In Blog
Building Security in Open Source for Financial Services: OpenSSF at Open Source in Finance Forum (OSFF)
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF) the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security.… Read more.
Oct 8, 2025 |
KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: Open Source SecurityCon
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon alongside the Open Source Security Foundation (OpenSSF), the event has become a gathering place for… Read more.
Oct 2, 2025 |
In Blog
Recap: OpenSSF Tech Talk on Securing the AI Lifecycle
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available. Read more.
Sep 23, 2025 |
In Blog
Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship
An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed. Every modern application, whether written in Java, JavaScript, Python, Rust, PHP, or beyond, depends on public package registries like Maven Central, PyPI, crates.io, Packagist and… Read more.
Sep 22, 2025 |
From Beginner to Builder: Your First Code Contribution
Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your growth. Maybe you've witnessed software supply chain attacks and felt an urge to make a difference. Maybe you just started learning about OpenSSF… Read more.
Sep 19, 2025 |
In Blog
From Ghent to Brussels: OpenSSF’s Week of Policy and Security in Europe
At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communities for three impactful events in Belgium. Together, these back-to-back gatherings will advance collaboration, shape policy, and highlight the critical role of open source in Europe’s digital… Read more.