Foundation honors community achievements and strategic efforts to secure ML pipeline during community event in Amsterdam. AMSTERDAM – OpenSSF Community Day Europe – August 28, 2025 – The Open Source...| Open Source Security Foundation
By Ben Cotton and Dejan Bosanac. The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two...| Open Source Security Foundation
The countdown is on! From August 25 to 28, 2025, the open source security community will gather in Amsterdam for Open Source Summit Europe and OpenSSF Community Day Europe. These two major gatherings will focus on the future of software supply chain security, regulatory readiness, and collaborative innovation.| Open Source Security Foundation
Welcome to the August 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community. TL;DR: 🎉...| Open Source Security Foundation
Tools: GUAC, OSPS Baseline, LFX Insights. Challenge: Demonstrating strong security posture quickly and credibly to stakeholders. Solution: Leveraging Linux Foundation Insights (LFX Insights) and the Open Source Security Foundation (OpenSSF) Open Source Project Security Baseline (OSPS Baseline) for instant, standards-aligned validation. Result: Saved significant time in verifying security practices, completing an independent standards-based assessment in under 60 minutes.| Open Source Security Foundation
The Open Source Security Foundation (OpenSSF) marked a strong presence at two cornerstone cybersecurity events, Black Hat USA 2025 and DEF CON 33, engaging with security leaders, showcasing our initiatives, and fostering collaboration to advance open source security.| openssf.org
The AI wave is here, and it’s only getting bigger. According to a recent report from McKinsey, “over the next three years, 92 percent of companies plan to increase their AI investments.” As this AI wave washes over almost every industry and is integrated deeply and extensively into critical and non-critical operations, it ushers in a pivotal new cybersecurity battleground: securing AI.| Open Source Security Foundation
The Open Source Security Foundation (OpenSSF) serves as the global hub for collaborative work on securing the software supply chain. Whether you’re an open-source maintainer, a security engineer, a student, or someone passionate about public digital infrastructure, OpenSSF invites you to participate. There are no gatekeepers, no matter where you work. This community is open, global, and powered by you.| Open Source Security Foundation
Discover how OpenSSF is advancing MLSecOps at DEF CON 33 through a panel on applying DevSecOps lessons to AI/ML security. Learn about open source tools, the AI Cyber Challenge (AIxCC), and efforts to secure the future of machine learning systems.| Open Source Security Foundation
Welcome to the July 2025 edition of the OpenSSF Newsletter! Here’s a roundup of the latest developments, key events, and upcoming opportunities in the Open Source Security community.| openssf.org
New DARPA Challenge with $18.5M in prizes launched to automatically find and fix software vulnerabilities using artificial intelligence| openssf.org
At the Open Source Security Foundation (OpenSSF), our mission to secure open source software is global—and nowhere is this more vital than in India, home to one of the largest and fastest-growing developer populations in the world. As open source contributions surge across the subcontinent, so too must awareness of secure development practices. That’s why we’re proud to support a dedicated India Initiative, led by OpenSSF’s community representative Ram Iyengar.| openssf.org
OpenSSF Community Day North America 2025 brought together contributors and stakeholders from across the open source security ecosystem for a full day of exchange, discussion, and collaboration. Held alongside Open Source Summit in Denver, the event featured over 25 sessions, Lightning Talks, and a live Table-Top Exercise (TTX) — drawing participation from large cloud providers, federal contractors, academic institutions, startups, and open source maintainers alike.| openssf.org
OpenSSF Community Day Japan returned to Tokyo for its third consecutive year in 2025, bringing together a diverse group of developers, researchers, government representatives, and industry experts to focus on securing the open source ecosystem.| openssf.org
As a part of the OpenSSF’s mission to sustainably secure the development, maintenance and consumption of open source software, the OpenSSF earlier this year started to sponsor the operation of a critical piece of the community’s infrastructure for communication. The oss-security and (linux)-distros mailing lists, which are operated by Openwall, have been a key part of the community’s ability to collaborate on and communicate security issues which affect the open source community.| openssf.org
The EU Cyber Resilience Act (CRA) is reshaping the landscape for open source software. Whether you’re a maintainer, contributor, or vendor, the CRA introduces new expectations—and new responsibilities.| openssf.org
Register for OpenSSF Community Day Europe 2025| openssf.org
OpenBao| openssf.org
We’re excited to welcome OpenBao to the Open Source Security Foundation (OpenSSF) as a newly accepted sandbox project!| openssf.org
Open source software is everywhere—used in almost every modern application—but the security challenges it faces continue to grow more serious. It relies on a backbone of volunteers, and its vulnerabilities now make it a prime target for cyberattacks by both malicious hackers and state actors. The close call with the xz Utils backdoor attack highlights just how fragile open source security can be. With open source tools being crucial for both private companies and governments, greater investment f...| openssf.org
How Guidewire Cloud Platform Is Using And Collaborating With GUAC| Open Source Security Foundation
By Oliver Chang, Google Open Source Security Team and Kate Catlin, GitHub Advisory Database Team| Open Source Security Foundation
By Will Pearce, Nick Landers, and David A. Wheeler| Open Source Security Foundation
December 2023 saw the launch of SBOMit, a project that helps enhance the reliability and integrity of SBOMs (Software Bills of Materials). It does so by including, along with SBOMs, a series of in-toto attestations that are produced while the software is being created. SBOMit is hosted under the OpenSSF Security Tooling Working Group.| Open Source Security Foundation
By Omkhar Arasaratnam, General Manager, OpenSSF; Bennett Pursell, Ecosystem Strategist, OpenSSF; Harry Toor, Chief of Staff, OpenSSF; Christopher “CRob” Robinson, OpenSSF TAC Chair & Director of Security Communications, Intel| openssf.org
Partners with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code – and get them fixed – to improve global software supply chain security.| openssf.org