Welcome to the September 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: 🎉...| Open Source Security Foundation
Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your growth. Maybe you've witnessed software supply chain attacks and felt an urge to make a difference. Maybe you just started learning about OpenSSF in our last blog: “Understanding OpenSSF Community and Working Groups.”| Open Source Security Foundation
At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communities for three impactful events in Belgium. Together, these back-to-back gatherings will advance collaboration, shape policy, and highlight the critical role of open source in Europe’s digital future.| Open Source Security Foundation
SBOMs are becoming part of everyday software practice, but many teams still ask the same question: how do we turn SBOM data into decisions we can trust? Our new whitepaper, “Improving Risk Management Decisions with SBOM Data,” answers that by tying SBOM information to concrete risk-management outcomes across engineering, security, legal, and operations.| Open Source Security Foundation
By Avishay Balter & David A. Wheeler| openssf.org
An Open Letter from the Stewards of Public Open Source Infrastructure| openssf.org
OpenSSF Community Day Korea is a one-day event colocated with Open Source Summit Korea, bringing together the open source security community across the Asia-Pacific region. Whether you’re a developer, maintainer, researcher, or security professional, this event is your opportunity to connect, collaborate, and contribute to the future of open source security.| openssf.org
From August 25 to 28, 2025, the Linux Foundation hosted a high-impact week of open source collaboration and innovation in Amsterdam. OpenSSF’s participation, in both Open Source Summit Europe and OpenSSF Community Day Europe, brought together developers, maintainers, researchers, and policymakers to strengthen software supply chain security and align on global regulations like the EU Cyber Resilience Act (CRA). Photos and recordings are now available!| Open Source Security Foundation
On August 15, 2025, GitHub’s Open Source Friday series spotlighted the Open Source Security Foundation (OpenSSF) in a live interview hosted by Kevin Crosby. Open Source Friday is GitHub’s weekly program that celebrates the creators, maintainers, and contributors who make the open source community thrive. The session introduced the OpenSSF Global Cyber Policy Working Group and the OSPS Baseline, raising awareness of how these community-driven efforts help developers, maintainers, and polic...| Open Source Security Foundation
On August 4, 2025, the OpenSSF hosted its second OpenSSF Community Day India in Hyderabad, co-located with Open Source Summit and KubeCon India. With 232 registrants and standing-room-only attendance, the event brought together open source enthusiasts, security experts, engineers, and students for a full day of learning, collaboration, and networking.| Open Source Security Foundation
We’re excited to announce that the agenda for OpenSSF Community Day Korea is now live! Join the community on November 4, 2025, in Seoul, South Korea, co-located with Open Source Summit Korea. Join us for a full day of collaboration, hands-on learning, and future-focused conversations about securing open source software.| openssf.org
The Open Source Security Foundation (OpenSSF) marked a strong presence at two cornerstone cybersecurity events, Black Hat USA 2025 and DEF CON 33, engaging with security leaders, showcasing our initiatives, and fostering collaboration to advance open source security.| openssf.org
Discover how OpenSSF is advancing MLSecOps at DEF CON 33 through a panel on applying DevSecOps lessons to AI/ML security. Learn about open source tools, the AI Cyber Challenge (AIxCC), and efforts to secure the future of machine learning systems.| Open Source Security Foundation
Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.| openssf.org
New DARPA Challenge with $18.5M in prizes launched to automatically find and fix software vulnerabilities using artificial intelligence| openssf.org
At the Open Source Security Foundation (OpenSSF), our mission to secure open source software is global—and nowhere is this more vital than in India, home to one of the largest and fastest-growing developer populations in the world. As open source contributions surge across the subcontinent, so too must awareness of secure development practices. That’s why we’re proud to support a dedicated India Initiative, led by OpenSSF’s community representative Ram Iyengar.| openssf.org
OpenSSF Community Day North America 2025 brought together contributors and stakeholders from across the open source security ecosystem for a full day of exchange, discussion, and collaboration. Held alongside Open Source Summit in Denver, the event featured over 25 sessions, Lightning Talks, and a live Table-Top Exercise (TTX) — drawing participation from large cloud providers, federal contractors, academic institutions, startups, and open source maintainers alike.| openssf.org
OpenSSF Community Day Japan returned to Tokyo for its third consecutive year in 2025, bringing together a diverse group of developers, researchers, government representatives, and industry experts to focus on securing the open source ecosystem.| openssf.org
Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. It relies on a backbone of volunteers, and its vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor attack highlights just how fragile open source security can be. With open source tools being crucial for both private companies and governments, greater investment f...| openssf.org
By Oliver Chang, Google Open Source Security Team and Kate Catlin, GitHub Advisory Database Team| Open Source Security Foundation
By Will Pearce, Nick Landers, and David A. Wheeler| Open Source Security Foundation
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF Security Tooling Working Group.| Open Source Security Foundation
By Omkhar Arasaratnam, General Manager, OpenSSF; Bennett Pursell, Ecosystem Strategist, OpenSSF; Harry Toor, Chief of Staff, OpenSSF; Christopher “CRob” Robinson, OpenSSF TAC Chair & Director of Security Communications, Intel| openssf.org
Partners with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security.| openssf.org