130 new #CVEs are disclosed every day.
Learn how to filter out the 95% of "noise" and focus on vulnerabilities that are actually exploitable in production.
Check out the latest guest blog from Jonas Rosland (Sysdig)
openssf.org/blog/2026/04...
Posts by OpenSSF
The 2026 #SecuritySlam has officially concluded!
Huge congrats to our champions and special thanks to our partners at Sonatype and the CNCF TAG Security team!
See the full list of winners and find out what's next: openssf.org/blog/2026/04...
In our latest OpenSSF Tech Talk, OpenSSF members dismantled the AI "black box."
Read the recap to learn about the SAFE #MCP threat catalog, how to secure the 3,000+ open source dependencies in the typical AI stack, and more!
openssf.org/blog/2026/04...
#OpenSSF #AgenticAI
Introducing Big Thoughts, Open Sources, the new video series from the What's in the SOSS? #Podcast
First episode: CRob interviews Brian Fox of Sonatype on slop squatting, AI agents flying blind on your security policies, and whether MCP changes anything.
openssf.org/podcast/2026...
While many organizations have mastered pre-deployment scanning, a massive blind spot remains: post-deployment vulnerability detection. As Tracy Ragan explains in her latest blog, software that is secure at release can become vulnerable as new #CVEs are disclosed.
openssf.org/blog/2026/04...
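As an added example (not code from the page or from the blog authors it links), here is the post-deployment check the two posts above describe: a deployed component inventory is joined to a newly disclosed advisory feed, and only advisories that hit a package actually running are reported, which is also the first and cheapest noise filter for a daily CVE stream. The inventory, advisory feed, package names and advisory ids are constructed placeholders, not real packages or CVEs; version comparison assumes plain dotted numeric versions.

```python
# Added example: re-scan a deployed inventory against new advisories.
# All package names, versions, services and advisory ids are constructed
# placeholders (not real packages or CVEs).
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Assumption: dotted numeric versions only, no pre-release tags."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Component:
    ecosystem: str   # "pypi", "npm", ...
    name: str
    version: str
    service: str     # where this component is actually deployed


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    ecosystem: str
    package: str
    introduced: str        # first affected version
    fixed: Optional[str]   # first fixed version; None while unpatched


@dataclass(frozen=True)
class Finding:
    advisory_id: str
    service: str
    component: str
    version: str
    fixed: Optional[str]


def is_affected(version: str, adv: Advisory) -> bool:
    """True when version lies in the half-open range [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True


def match_new_advisories(inventory: List[Component],
                         advisories: List[Advisory]) -> List[Finding]:
    """Join the advisory feed to what is deployed.

    Advisories for packages that are not running anywhere are dropped
    without further triage: they are noise for this environment.
    """
    by_key: Dict[Tuple[str, str], List[Component]] = {}
    for c in inventory:
        by_key.setdefault((c.ecosystem, c.name), []).append(c)
    findings: List[Finding] = []
    for adv in advisories:
        for c in by_key.get((adv.ecosystem, adv.package), []):
            if is_affected(c.version, adv):
                findings.append(Finding(adv.advisory_id, c.service,
                                        c.name, c.version, adv.fixed))
    return findings


# Constructed inventory: what an SBOM-derived deployment record would reduce to.
DEPLOYED_INVENTORY = [
    Component("pypi", "examplelib", "2.3.1", "api-gateway"),
    Component("pypi", "examplelib", "2.5.0", "billing"),
    Component("npm", "sample-parser", "1.0.4", "web-frontend"),
    Component("golang", "example.test/mod", "0.9.0", "auth-service"),
]

# Constructed "new today" advisory feed; ids are placeholders, not CVEs.
NEW_ADVISORIES = [
    Advisory("EXAMPLE-2026-0001", "pypi", "examplelib", "2.0.0", "2.4.0"),
    Advisory("EXAMPLE-2026-0002", "npm", "sample-parser", "1.0.0", None),
    Advisory("EXAMPLE-2026-0003", "pypi", "not-deployed-lib", "0.1.0", "1.2.0"),
    Advisory("EXAMPLE-2026-0004", "npm", "sample-parser", "2.0.0", "2.1.0"),
]

if __name__ == "__main__":
    for f in match_new_advisories(DEPLOYED_INVENTORY, NEW_ADVISORIES):
        action = f"upgrade to {f.fixed}" if f.fixed else "no fix yet: mitigate"
        print(f"{f.advisory_id}: {f.service} runs {f.component} "
              f"{f.version} ({action})")
```

Of the four constructed advisories, only two reach an operator: the third names a package that is not deployed, and the fourth's affected range is above the version in use. Running this join on every advisory refresh, rather than only at release, is what turns release-time scanning into post-deployment detection.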
Welcoming OSS-CRS to the #OpenSSFCommunity
Following the success of DARPA's AI Cyber Challenge (AIxCC), we are thrilled to announce that OSS-CRS is joining the OpenSSF under the AI / ML Security Working Group.
openssf.org/blog/2026/04...
The #OpenSSF Ambassador Program is now accepting applications for its first cohort. We are looking for 10-15 advocates to lead local initiatives, mentor developers, and represent the Open Source Security Foundation worldwide.
openssf.org/community/op...
The #OpenSSF March newsletter is live! Featuring:
- New funding from AWS, Google, Microsoft, and others to secure AI
- Launch of the OpenSSF Ambassador Program
- The new Gemara Model for GRC engineering
Read more: openssf.org/newsletter/2026/03/26/op...
Vulnerability "slop" is real, and it's burning out our maintainers.
On the latest #WhatsInTheSOSS podcast, Michael Lieberman from Kusari explains how we can use codified expertise to filter the noise and meet developers where they are.
openssf.org/podcast/2026...
We're launching the OpenSSF Ambassador Program!
Applications are now open on a rolling basis. Help us create a future where software is universally trusted and secure.
Learn more: openssf.org/blog/2026/03/23/introduc...
#OpenSSF
Kusari + OpenSSF
Kusari is providing its Inspector tool at no cost to OpenSSF projects to move security from reactive firefighting to proactive prevention.
Learn more: openssf.org/blog/2026/03...
#OpenSSFCommunity
At Open Source #SecurityCon Europe, we welcome Helvethink, Spectro Cloud, and Quantrexion as General Members, introduce Kusari Inspector, and launch the OpenSSF Ambassador Program.
Read the Announcement: openssf.org/press-releas...
The Gemara (pronounced "gem-mara") project provides a logical model to describe compliance activity categories, how they interact, and the schemas to enable automated interoperability.
Watch the Spotlight: https://www.youtube.com/watch?v=aKhebJxVntI
#OSSSecurity
Join us for a Welcome Call to meet the BEAR Working Group!
We're on a mission to ensure everyone has a fair chance to help protect our digital world.
Come see how you can get involved!
March 26, 2026 at 9am PT / 12pm ET / 16:00 UTC
View our calendar at openssf.org/getinvolved
Today, @linuxfoundation.org announced a $12.5 million investment from a powerhouse coalition including Anthropic, Amazon Web Services (AWS), Google, Google DeepMind, GitHub, Microsoft, and OpenAI. Managed by OpenSSF and the Alpha-Omega project.
openssf.org/blog/2026/03...
Linux Foundation Announces $12.5 Million in Grant Funding to Advance Open Source Security
The Linux Foundation Announces $12.5 Million in Grant Funding (via Alpha-Omega and OpenSSF)
Anthropic, Amazon Web Services (AWS), GitHub, Google, Google DeepMind, Microsoft, OpenAI to Invest in Sustainable Security Solutions for #OpenSource
openssf.org/press-releas...
The #OpenSSF Mentorship Program 2026 cycle is here! Whether you're a student looking to learn or a pro ready to lead, join us.
Inside Scoop: Check out the latest What's in the SOSS? Podcast to hear how mentees become project maintainers. openssf.org/podcast/2026...
What to expect at Open Source #SecurityCon Europe 2026?
From eBPF-based algorithms to the latest on the EU Cyber Resilience Act, we're covering the tech and policy that keeps our ecosystem safe.
Read: openssf.org/blog/2026/03...
The agentic AI Tech Talk is happening next week -- have you registered yet?
Read the blog to see why this conversation matters: from agent autonomy & trusted tool interaction to context integrity, it outlines what you'll learn in the session.
openssf.org/blog/2026/03...
Join OpenSSF next week for a #TechTalk and explore how community-driven frameworks like SAFE-MCP are being used to secure autonomous systems.
March 17, 1 PM ET
openssf.org/resources/tech-talks/tec...
The EU #CRA is a major milestone for open source, but it can feel overwhelming. At FOSDEM 2026, Harald Fischer from balena broke down the first steps toward conformity using a simple metaphor.
Read the full guest blog and watch the FOSDEM session here: openssf.org/blog/2026/03...
The #OSPSBaseline provides practical guidance for open source maintainers and organizations to strengthen project security.
It defines clear baseline expectations across areas like repository management, access control, and vulnerability handling.
https://youtu.be/rx0NG4P9vaQ?si=KNS-C_zVfejhAE-1
New What's in the SOSS? podcast episode is live
Jennifer Power and Hannah Braswell from Red Hat join Sally Cooper to explain how the Gemara Project is helping make GRC engineering more interoperable across open source.
Listen: openssf.org/podcast/2026...
Introducing the #Gemara Model -- a new framework for GRC engineering.
It outlines a 7-layer architecture designed to help teams standardize how security policies are defined, enforced, and measured.
Blog:
openssf.org/blog/2026/03...
Publication:
openssf.org/resources/ge...
#AgenticAI is moving fast -- but is it secure?
Join us for an OpenSSF Tech Talk on the practical realities of securing agentic systems on March 17, 1PM ET!
Hear from experts from Microsoft, Canonical, TestifySec, and Thread AI!
Register: openssf.org/resources/te...
#OSSSecurity
Think you need special permission to contribute to OpenSSF? Think again.
#OSSSecurity thrives on diverse perspectives. Whether you're into AI/ML security, policy, or dev best practices, there's a seat at the table for you.
Read: openssf.org/blog/2026/03...
In this final episode of our AI Cyber Challenge (#AIxCC) series, CRob and Jeff Diecks wrap up the journey from DARPA's groundbreaking two-year competition to the exciting collaborative phase happening now.
openssf.org/podcast/2026...
Red Hat Case Study CRA
How do you implement the EU Cyber Resilience Act without overburdening open source maintainers?
Our new case study explores how Red Hat worked with OpenSSF to align #CRA standards with community-driven development.
Read more: openssf.org/blog/2026/03...
Huge updates in the world of Open Source Security!
The #OpenSSF February Newsletter is out, and it is packed with resources for developers and security teams.
Stay ahead of the curve and check out the full breakdown here: openssf.org/newsletter/2...
Maintainers: make your project's security visible.
Start with the #OpenSSF Baseline and earn your badge:
openssf.org/blog/2026/02...