OpenSSF

🎉 The 2025 OpenSSF Annual Report has officially arrived!!! We invite you to celebrate another year of progress, creativity, and collaboration shaping a safer, more resilient open source community. Download the report: openssf.org/download-the-2… #AnnualReport #OSSSecurity

The Gemara (pronounced "gem-mara" 💎) project provides a logical model to describe compliance activity categories, how they interact, and the schemas to enable automated interoperability. Watch the Spotlight: youtube.com/watch?v=aKhebJ… #OSSSecurity

Join us for a Welcome Call to meet the BEAR Working Group! We’re on a mission to ensure everyone has a fair chance to help protect our digital world. Come see how you can get involved! March 26, 2026 at 9am PT / 12pm ET / 16:00 UTC View our calendar at openssf.org/getinvolved

Today, @linuxfoundation announced a $12.5 million investment from a powerhouse coalition including Anthropic, Amazon Web Services (AWS), Google, Google DeepMind, GitHub, Microsoft, and OpenAI. Managed by OpenSSF and the Alpha-Omega project. hubs.la/Q047dpL50

The Linux Foundation Announces $12.5 Million in Grant Funding (via Alpha-Omega and OpenSSF) Anthropic, AmazonWebServices (AWS), GitHub, Google, GoogleDeepMind, Microsoft, OpenAI to Invest in Sustainable Security Solutions for #OpenSource hubs.la/Q0477-F90

The #OpenSSF Mentorship Program 2026 cycle is here! Whether you're a student looking to learn or a pro ready to lead, join us. 🎧 Inside Scoop: Check out the latest What’s in the SOSS? Podcast to hear how mentees become project maintainers. hubs.la/Q04761GF0

🔍 What to expect at Open Source #SecurityCon Europe 2026? From eBPF-based algorithms to the latest on the EU Cyber Resilience Act, we’re covering the tech and policy that keeps our ecosystem safe. 🔗 Read: openssf.org/blog/2026/03/1…

The agentic AI #TechTalk is happening next week -- have you registered yet? Read the blog to see why this conversation matters: from agent autonomy & trusted tool interaction to context integrity, it outlines what you’ll learn in the session. openssf.org/blog/2026/03/1…

Join OpenSSF next week for a #TechTalk and explore how community-driven frameworks like SAFE-MCP are being used to secure autonomous systems. 📅 March 17, 1 PM ET 🔗 openssf.org/resources/tech…

The EU #CRA is a major milestone for open source, but it can feel overwhelming. At FOSDEM 2026, Harald Fischer from balena broke down the first steps toward conformity using a simple metaphor. 🔗 Read the full guest blog and watch the FOSDEM session here: openssf.org/blog/2026/03/1…

🔍 The #OSPSBaseline provides practical guidance for open source maintainers and organizations to strengthen project security. It defines clear baseline expectations across areas like repository management, access control, and vulnerability handling. youtu.be/rx0NG4P9vaQ?si…

New What’s in the SOSS? podcast episode is live 🎙️ Jennifer Power and Hannah Braswell from @RedHat join Sally Cooper to explain how the #Gemara Project is helping make GRC engineering more interoperable across open source. 🎧 Listen: hubs.la/Q0469qrD0

Introducing the #Gemara Model -- a new framework for GRC engineering. It outlines a 7-layer architecture designed to help teams standardize how security policies are defined, enforced, and measured. 📖 Blog: openssf.org/blog/2026/03/0… 📄 Publication: openssf.org/resources/gema…

#AgenticAI is moving fast -- but is it secure? 🤖🔐 📅 Join us for an OpenSSF Tech Talk on the practical realities of securing agentic systems on March 17, 1PM ET! Hear from experts from @Microsoft, @Canonical, @testifysec, and Thread AI! Register: openssf.org/resources/tech…

Think you need special permission to contribute to OpenSSF? Think again. ❌ #OSSSecurity thrives on diverse perspectives. Whether you’re into AI/ML security, policy, or dev best practices, there’s a seat at the table for you. 🪑 Read: openssf.org/blog/2026/03/0…

In this final episode of our AI Cyber Challenge (#AIxCC) series, CRob and Jeff Diecks wrap-up the journey from DARPA's groundbreaking two-year competition to the exciting collaborative phase happening now. 🎧 hubs.la/Q045r5Dj0

How do you implement the EU Cyber Resilience Act without overburdening open source maintainers? Our new case study explores how @RedHat worked with OpenSSF to align #CRA standards with community-driven development. Read more: hubs.la/Q0458R9T0

Huge updates in the world of Open Source Security! 🔐 The #OpenSSF February Newsletter is out, and it is packed with resources for developers and security teams. Stay ahead of the curve and check out the full breakdown here: hubs.la/Q044QkSJ0

Maintainers: make your project’s security visible. Start with the #OpenSSF Baseline and earn your badge: 🔗 hubs.la/Q044FV-W0

Now live: ROI for Open Source Software Contribution The data is clear: • 2 to 5x ROI • Faster security response • Less technical debt Read the report: hubs.la/Q044y6Yy0 #OpenSSF

AI is playing an increasing role in open source security. Part of our #AIxCC series, @trailofbits shares lessons from DARPA’s challenge and how AI + fuzzing can deliver real results. hubs.la/Q044qxlf0