OpenSSF
@openssf.org
Open Source Security Foundation (OpenSSF) http://openssf.org Together, we're securing the #opensource ecosystem #OSSsecurity
Pinned
openssf.org
📣 The OpenSSF 2024 Annual Report is now LIVE! Read the blog and the report as we celebrate this important milestone with our amazing community. We’re excited to continue our journey toward a more secure future together!
👉 openssf.org/blog/2024/12...
#OSSSecurity #OpenSSF #Wrapped2024
openssf.org
Financial services run on open source, and #OpenSSF is helping make it more secure.

At #OSFF, our community is leading sessions on:
🔹 OSPS Baseline
🔹 CVE & vulnerability data
🔹 AI security

📖Read the blog: openssf.org/blog/2025/10...
openssf.org
Security is no longer optional -- it’s essential.

Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software.

Read more 👇
🔗 openssf.org/blog/2025/10...
openssf.org
New #podcast episode 🎙️

AI agents are changing the game for open source security.
CRob talks with John Amaral of root.io about the shift from scanning to fixing first.

Listen → openssf.org/podcast/2025...
openssf.org
⏪ On September 24, OpenSSF hosted a Tech Talk with experts on securing the #AI/ML lifecycle. Recording & slides now available: openssf.org/resources/te...

📖 Read the recap: openssf.org/blog/2025/10...

#OSSecurity
openssf.org
🎉 The September #OpenSSF Newsletter is live!

CRA + SBOM updates

Golden Egg Awards 🥚

AI/ML security resources

OpenSSF Community Day Europe & India recaps

New podcasts + free courses

openssf.org/newsletter/2...
openssf.org
⏳ Join our Securing the AI Lifecycle Tech Talk in 1.5 hours!

We’re bringing together experts from Intel Labs, Google, and Dell Technologies to explore how open source can make AI/ML pipelines more secure.

See you there at 1PM ET!

openssf.org/resources/te...
openssf.org
From SPDX to SBOMs to safety-critical systems, Kate Stewart has been shaping the future of secure open source.
In this episode of What’s in the SOSS?, she discusses her journey, Zephyr Project, ELISA Project and what the CRA means for developers and manufacturers.

openssf.org/podcast/2025...
openssf.org
Registries like PyPI, Maven Central & crates.io power the ecosystem.

They can’t run on goodwill alone.

OpenSSF endorses the Joint Statement on Sustainable Stewardship.

👉 openssf.org/blog/2025/09...

#PreserveOpenSource
openssf.org
How to contribute your first line of code to open source?

Contributing to the OpenSSF #community isn’t just about code, it’s about building trust, learning how secure software is built, and growing your career.

Read the blog and take your first step: openssf.org/blog/2025/08...
openssf.org
🚆 From Ghent to Brussels!

At the end of October, OpenSSF, the Linux Foundation, and Linux Foundation Europe will host three gatherings advancing security, policy, and collaboration across Europe’s open source ecosystem.

👉 Learn more: openssf.org/blog/2025/09...

#CRA #OSSSecurity
openssf.org
🧾 SBOMs are everywhere, but how do you make them decision-ready for risk management?

Read the blog that introduces the white paper “Improving Risk Management Decisions with SBOM Data,” from the OpenSSF SBOM Everywhere SIG: openssf.org/blog/2025/09...
openssf.org
🚨 AI code assistants are powerful, but they’re only as secure as the prompts you give them.

This practical resource helps developers write clear, security-focused prompts so assistants generate safer, more reliable code.

📖 Read the blog: openssf.org/blog/2025/09...
openssf.org
🕙 #OSSummit Europe & #OpenSSFCommunity Day Europe may have ended, but the momentum continues far beyond Amsterdam 🌍

👉 Read the full recap + explore photos & recordings here: openssf.org/blog/2025/09...
openssf.org
What does the EU’s Cyber Resilience Act mean for open source developers?

At #OSSummit EU, The New Stack sat down with Christopher Robinson to unpack the CRA’s implications. Watch the full conversation on The New Stack Agents podcast ⬇️
openssf.org
On August 15, GitHub’s Open Source Friday spotlighted the OpenSSF Global Cyber Policy WG in a live session hosted by Kevin Crosby, GitHub.

📖 Read the recap blog, watch the replay, and explore ways you can join the conversation: openssf.org/blog/2025/09...

#OSSSecurity
openssf.org
🌞 This summer in Hyderabad, the #OpenSSFCommunity came together for a full day of open source security at OpenSSF Community Day India.

Read the recap: openssf.org/blog/2025/09...
openssf.org
⏳ The clock is ticking. PQC migration is due by 2030.

In the latest What’s in the SOSS? podcast, Keyfactor’s David Hook & Tomas Gustavsson join Yesenia to unpack #postquantum cryptography, crypto agility & entropy -- and why orgs must act now.

🎧 Listen →
openssf.org/podcast/2025...
openssf.org
Agenda is live! 📣
#OpenSSFCommunity Day Korea 2025 is your chance to connect, learn, and collaborate on securing open source.

📍 Nov 4 | Seoul | Co-located with #OSSummit
Speakers from AWS, Ericsson, & more.

👉 openssf.org/blog/2025/09...
OpenSSF Community Day Korea Agenda Live
openssf.org
OpenSSF @openssf.org · Aug 28
At #OpenSSFCommunity Day Europe, we celebrated momentum in open source security 🎉

🌟 Golden Egg Awards
🌟 AI/ML Security WG whitepaper

👉 https://openssf.org/press-release/2025/08/28/openssf-celebrates-global-momentum-ai-ml-security-initiatives-and-golden-egg-award-winners-at-community-day-europe/
OpenSSF Celebrates Global Momentum, AI/ML Security Initiatives and Golden Egg Award Winners at Community Day Europe
openssf.org
OpenSSF @openssf.org · Aug 27
Trustify is now part of GUAC! 🎉

Hear from Ben Cotton (Kusari) & Dejan Bosanac (Red Hat) at #OpenSSFCommunity Day EU → openssfcdeu2025.sched.com/event/25dGq

Details 👉 https://openssf.org/blog/2025/08/27/trustify-joins-guac/
Trustify + GUAC
openssf.org
OpenSSF @openssf.org · Aug 26
At #OSSummit in Amsterdam, The New Stack spoke with CRob, OpenSSF’s Chief Security Architect, about the impact of the Cyber Resilience Act (CRA) on open source.

📺 Watch: youtu.be/oAgHEQit5JU?...
The New Stack Agents with Christopher 'Crob' Robinson, Chief Security Architect at the OpenSSF.
YouTube video by The New Stack
youtu.be
openssf.org
OpenSSF @openssf.org · Aug 26
New podcast episode! 🎙

Sarah Evans (Dell Technologies #OpenSSF AI/ML Security WG) joins What’s in the SOSS? to discuss:

🔐 AI Model Signing
📄 MLSecOps whitepaper
👩‍💻 New AI/ML personas

Listen now:

🎧 openssf.org/podcast/2025...
openssf.org
OpenSSF @openssf.org · Aug 22
#OSSummit and #OpenSSFCommunity Day Europe are almost here. What’s on your “don’t miss” list?

Visit the #OpenSSF booth B33 for demos, AMAs, and practical insights from the people building secure-by-design tools for open source.

Read the highlights: openssf.org/blog/2025/08...
openssf.org
OpenSSF @openssf.org · Aug 21
Secure AI, CRA readiness & 5 years of #OpenSSF!

Inside the August newsletter:

✨ MLSecOps Whitepaper
🔍 Baseline & GUAC case study
🎙 CRA + OSTIF podcasts
🎓 Free courses

👉 openssf.org/newsletter/2...