OpenSSF

2.2K posts


@openssf

Open Source Security Foundation (OpenSSF) Together, we're securing the #opensource ecosystem #OSSSecurity https://t.co/uUpbn44G4Q https://t.co/adjLU8dbk0

Joined August 2020
29 Following · 5.9K Followers
Pinned Tweet
OpenSSF@openssf·
🎉 The 2025 OpenSSF Annual Report has officially arrived!!! We invite you to celebrate another year of progress, creativity, and collaboration shaping a safer, more resilient open source community. Download the report: openssf.org/download-the-2… #AnnualReport #OSSSecurity
OpenSSF@openssf·
Open source is a powerful career accelerator; it's not just about code, but about influence and collaboration. Hear insights from Jamie Thomas on "Big Thoughts, Open Sources" with CRob. #Leadership
OpenSSF@openssf·
How did the "Mini Shai-Hulud" attack compromise 170+ packages while maintaining valid SLSA Build L3 attestations? Read the full blog to see where SLSA’s boundaries fall and how to secure your pipeline with defense in depth. 🔗: openssf.org/blog/2026/06/1…
OpenSSF@openssf·
The 2026 CRA Awareness & Readiness Report by The Linux Foundation Research and OpenSSF is officially out, and the data reveals a sobering reality for the global software ecosystem as the European CRA deadlines approach. Download the report: openssf.org/resources/publ…
OpenSSF@openssf·
How do we move from isolated security patches to a systemic, resilient software supply chain? Read the #OpenSSFCommunity Day NA recap and see how the community has been unifying tools, navigating AI, and securing the OSS. openssf.org/blog/2026/06/0…
OpenSSF@openssf·
Abandoned projects introduce hidden risks into your software supply chain. On the latest episode of the What’s in the SOSS? podcast, host CRob sits down with Isaac Wuest from HeroDevs to examine End-of-Life (EOL) open source software. hubs.ly/Q04jLjnk0
OpenSSF@openssf·
Learn why machine-readable security signals provide the practical foundation for automated due diligence. These signals function as voluntary mechanisms for upstream transparency, not formal assurances or a transfer of legal liability. Link in the comments.
OpenSSF retweeted
Techstrong TV@TechstrongTV·
🚀 Software risk is becoming a board-level issue. Mike Vizard talks with Christopher Robinson of OpenSSF about the EU Cyber Resilience Act, vulnerability reporting, software dependencies and using business-focused risk language. Watch: techstrong.tv/videos/intervi…
OpenSSF@openssf·
Live from #OpenSSFCommunity Day North America! 🎉 We're celebrating an incredible quarter of growth and officially welcoming our newest members to the Foundation: ActiveState, Aikido Security, Minimus, TuxCare, and the FreeBSD Foundation! hubs.ly/Q04ht-_70
OpenSSF@openssf·
We've seen a concerning rise in targeted attacks on upstream registries like npm and PyPI through malicious packages. But how do you actually defend against them day-to-day? Learn how to strengthen your supply chain security: hubs.la/Q04hl3cR0
OpenSSF@openssf·
AI is flooding open source projects with vulnerability reports faster than maintainers can handle. @OpenSSF and @CNCF just dropped the free playbook. "This is math, not magic. And with the right practices, it is manageable." Download your copy: hubs.la/Q04h9_Fy0
OpenSSF@openssf·
From UI/UX to OpenSSF Contributor: Ejiro Oghenekome on What’s in the SOSS? Ejiro shares insights from her "100 Days of Cybersecurity" challenge and her leadership in authoring the "Beginner to Builder" series. hubs.la/Q04h7zm_0
OpenSSF@openssf·
Is your organization ready for the European Cyber Resilience Act (CRA)? New EU rules mandate "security by design" for digital products. The second Linux Foundation Research survey launches this June, learn why the ecosystem is falling behind. hubs.la/Q04gZHss0
OpenSSF@openssf·
The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain. Read the blog by Helen Woeste (OSTIF): hubs.la/Q04gcT900
OpenSSF@openssf·
The CPS project has just officially secured the #OpenSSF Gold Badge. CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project. Read the full story: openssf.org/blog/2026/05/0…
OpenSSF@openssf·
Open Infrastructure Is Not Free Part II 10 trillion open source package downloads in 2026. Still running on donations and volunteers. AI is accelerating attacks. The Sustaining Package Registries WG is here to help. hubs.la/Q04fB--M0 #PreserveOpenSource
OpenSSF@openssf·
In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments. hubs.la/Q04fqs4K0
OpenSSF@openssf·
The April OpenSSF Newsletter is here! 📰 Big things are happening in the world of open source security. Topping the list: #OpenSSFCommunity Day North America is happening May 21st in Minneapolis! Read the Newsletter: openssf.org/newsletter/202…