OpenSSF

🎉 The 2025 OpenSSF Annual Report has officially arrived!!! We invite you to celebrate another year of progress, creativity, and collaboration shaping a safer, more resilient open source community. Download the report: openssf.org/download-the-2… #AnnualReport #OSSSecurity

The OpenSSF released the Secure Coding Guide for #Python (PySCG). This practical resource offers 50+ rules and code examples to help developers mitigate vulnerabilities in open source software. 🐍 Read the blog: openssf.org/blog/2026/05/1… Access the guide: best.openssf.org/Secure-Coding-…

The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain. Read the blog by Helen Woeste (OSTIF): hubs.la/Q04gcT900

The CPS project has just officially secured the #OpenSSF Gold Badge. CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project. Read the full story: openssf.org/blog/2026/05/0…

Open Infrastructure Is Not Free Part II 10 trillion open source package downloads in 2026. Still running on donations and volunteers. AI is accelerating attacks. The Sustaining Package Registries WG is here to help. hubs.la/Q04fB--M0 #PreserveOpenSource

In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments. hubs.la/Q04fqs4K0

Join us for #OpenSSFCommunity Day North America on May 21! 📅 We are grateful for the support of @HondaJP, our Gold Sponsor, in our mission to secure the open source software ecosystem. Register & join the conversation on software supply chain security: events.linuxfoundation.org/openssf-commun…

The April OpenSSF Newsletter is here! 📰 Big things are happening in the world of open source security. Topping the list: #OpenSSFCommunity Day North America is happening May 21st in Minneapolis! Read the Newsletter: openssf.org/newsletter/202…

🎙️ What's in the SOSS? Ep. 59 with Yesenia and Prince Asiedu, the origin story of #OSSAfrica and why structural barriers can spark community breakthroughs. 🎧 hubs.la/Q04cVFvs0

The #OpenSSFCommunity Day agenda is live! Mark your calendar for May 21 in Minneapolis and start planning your schedule by bookmarking your favorite sessions. Read the agenda highlight: openssf.org/blog/2026/04/2… Register for OpenSSF Community Day NA: events.linuxfoundation.org/openssf-commun…

Third-Party Notices (TPNs) are often the only verifiable record when source code or #SBOMs are inaccessible, yet they’re usually trapped in unstructured PDFs. A new guest blog by Devashri Datta discusses transforming TPNs into "Security Intelligence." hubs.la/Q04cwrRb0

130 new #CVEs are disclosed every day. Learn how to filter out the 95% of "noise" and focus on vulnerabilities that are actually exploitable in production. Check out the latest guest blog from Jonas Rosland (Sysdig) hubs.la/Q04c84hT0

The 2026 #SecuritySlam has officially concluded! 🏁 🛡️ Huge congrats to our champions and special thanks to our partners at @sonatype and the CNCF TAG Security team! See the full list of winners and find out what’s next: openssf.org/blog/2026/04/1…

In our latest OpenSSF Tech Talk, OpenSSF members dismantled the AI "black box." Read the recap to learn about the SAFE #MCP threat catalog, how to secure the 3,000+ open source dependencies in the typical AI stack, and more! Read the recap: openssf.org/blog/2026/04/0…

Introducing Big Thoughts, Open Sources, the new video series from the What's in the SOSS? #Podcast First episode: CRob interviews Brian Fox of Sonatype on slop squatting, AI agents flying blind on your security policies, and whether MCP changes anything. hubs.la/Q049S96r0

While many organizations have mastered pre-deployment scanning, a massive blind spot remains: post-deployment vulnerability detection. As Tracy Ragan explains, software that is secure at release can become vulnerable as new #CVEs are disclosed. hubs.la/Q049BckN0

Welcoming OSS-CRS to the #OpenSSFCommunity Following the success of DARPA’s AI Cyber Challenge (AIxCC), we are thrilled to announce that OSS-CRS is joining the OpenSSF under the AI / ML Security Working Group. hubs.la/Q049rRlY0

The #OpenSSF Ambassador Program is now accepting applications for its first cohort. We are looking for 10-15 advocates to lead local initiatives, mentor developers, and represent the Open Source Security Foundation worldwide. hubs.la/Q049kThj0

The #OpenSSF March newsletter is live! Featuring: - New funding from AWS, Google, Microsoft, and others to secure AI 💰 - Launch of the OpenSSF Ambassador Program - The new Gemara Model for GRC engineering Read more: openssf.org/newsletter/202… Subscribe: #newsletter" target="_blank" rel="nofollow noopener">openssf.org/newsletter/#ne…

Vulnerability "slop" is real, and it's burning out our maintainers. 📉 On the latest #WhatsInTheSOSS podcast, Michael Lieberman from Kusari explains how we can use codified expertise to filter the noise and meet developers where they are. hubs.la/Q0484fbm0

📣 We're launching the OpenSSF Ambassador Program! Applications are now open on a rolling basis. Help us create a future where software is universally trusted and secure. Learn more: openssf.org/blog/2026/03/2… #OpenSSF