The Open Source Security Foundation (OpenSSF) has launched a new free course, Secure AI/ML-Driven Software Development (LFEL1012), authored by David A. Wheeler. As AI and machine learning become core to modern software development, this course helps developers understand and mitigate the security risks associated with AI code assistants. In just one hour, learners will gain practical strategies to use AI safely—protecting data, reviewing AI-generated code, and applying best practices for se...| Open Source Security Foundation
We’re pleased to announce the creation of a new BigQuery public dataset, rekor. The rekor dataset is an easily-queryable mirror of the public good instance of Sigstore’s transparency log, Rekor.| Open Source Security Foundation
This blog was originally published on the OSTIF website on October 9, 2025 by Helen Wooste. The Open Source Technology Improvement Fund is proud to share the results of our security audit...| Open Source Security Foundation
Financial services run on open source. With regulations growing and supply chains under pressure, institutions need clear frameworks and reliable data to keep systems secure. At the Open Source in Finance Forum (OSFF), the OpenSSF community is sponsoring and sharing sessions on the OSPS Baseline, vulnerability data, and AI security. These talks demonstrate how our community is making open source more secure and useful to financial services.| Open Source Security Foundation
Open Source SecurityCon has always been about bringing people together to strengthen trust in open source. From its beginnings within TAG Security to its growth as a standalone conference, and now returning to KubeCon + CloudNativeCon alongside the Open Source Security Foundation (OpenSSF), the event has become a gathering place for anyone passionate about securing our shared ecosystem. As a co-located event, it will bring together software developers, security engineers, public sector leade...| Open Source Security Foundation
On September 24, the Open Source Security Foundation (OpenSSF) hosted its latest Tech Talk, bringing together experts from Dell, Google, Intel, and the broader community to discuss how open source tools and practices can secure the fast-evolving AI/ML lifecycle. The recording and slides are now available.| openssf.org
Welcome to the September 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: 🎉...| Open Source Security Foundation
By Avishay Balter & David A. Wheeler| openssf.org
An Open Letter from the Stewards of Public Open Source Infrastructure| openssf.org
We’re excited to announce that the agenda for OpenSSF Community Day Korea is now live! Join the community on November 4, 2025, in Seoul, South Korea, co-located with Open Source Summit Korea. Join us for a full day of collaboration, hands-on learning, and future-focused conversations about securing open source software.| openssf.org
The Open Source Security Foundation (OpenSSF) marked a strong presence at two cornerstone cybersecurity events, Black Hat USA 2025 and DEF CON 33, engaging with security leaders, showcasing our initiatives, and fostering collaboration to advance open source security.| openssf.org
Discover how OpenSSF is advancing MLSecOps at DEF CON 33 through a panel on applying DevSecOps lessons to AI/ML security. Learn about open source tools, the AI Cyber Challenge (AIxCC), and efforts to secure the future of machine learning systems.| Open Source Security Foundation
Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.| openssf.org
New DARPA Challenge with $18.5M in prizes launched to automatically find and fix software vulnerabilities using artificial intelligence| openssf.org
Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. It relies on a backbone of volunteers, and its vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor attack highlights just how fragile open source security can be. With open source tools being crucial for both private companies and governments, greater investment f...| openssf.org
By Omkhar Arasaratnam, General Manager, OpenSSF; Bennett Pursell, Ecosystem Strategist, OpenSSF; Harry Toor, Chief of Staff, OpenSSF; Christopher “CRob” Robinson, OpenSSF TAC Chair & Director of Security Communications, Intel| openssf.org
Partners with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security.| openssf.org