#OpenSSF

The #OpenSSF March newsletter is live! Featuring:

- New funding from AWS, Google, Microsoft, and others to secure AI 💰
- Launch of the OpenSSF Ambassador Program
- The new Gemara Model for GRC engineering

Read more: openssf.org/newsletter/2026/03/26/op...


📣 We're launching the OpenSSF Ambassador Program!

Applications are now open on a rolling basis. Help us create a future where software is universally trusted and secure.

Learn more: openssf.org/blog/2026/03/23/introduc...

#OpenSSF

Open Source Security Foundation Expands Network and Enhances Software Security Initiatives OpenSSF has welcomed three new members while introducing Kusari Inspector for free to projects aiming at securing open source software. Key milestones have been reached.

Open Source Security Foundation Expands Network and Enhances Software Security Initiatives #Netherlands #Amsterdam #OpenSSF #Kusari_Inspector #Helvethink

Linux Foundation Raises $12.5M Against AI Bug Slop Seven AI and cloud companies pool $12.5M through OpenSSF and Alpha-Omega to build tools that help open-source maintainers cope with a flood of AI-generated vulnerability reports they can't triage.

Linux Foundation Raises $12.5M Against AI Bug Slop

awesomeagents.ai/news/linux-foundation-12...

#OpenSource #Security #Openssf


Alpha‑Omega teams up with OpenSSF to boost open‑source security against AI‑driven attacks. New funding means faster vulnerability detection for maintainers. Curious how Google DeepMind fits in? Dive in! #OpenSourceSecurity #AIThreats #OpenSSF

🔗 aidailypost.com/news/alpha-o...


The #OpenSSF Mentorship Program 2026 cycle is here! Whether you're a student looking to learn or a pro ready to lead, join us.

🎧 Inside Scoop: Check out the latest What’s in the SOSS? Podcast to hear how mentees become project maintainers. openssf.org/podcast/2026...

Announcing the Flannel Embargoed Vulnerability Disclosure Process · flannel-io flannel · Discussion #2379 As part of our ongoing commitment to project security and maturity, the Flannel maintainers are introducing a formal Embargoed Vulnerability Announcement process. This allows downstream distributor...

If you are a « distributor » of flannel (you build a product that includes flannel), you should have a look at this announcement regarding the Embargoed Vulnerability Disclosure Process.
#flannel #openssf #cra


Huge updates in the world of Open Source Security! 🔐

The #OpenSSF February Newsletter is out, and it is packed with resources for developers and security teams.

Stay ahead of the curve and check out the full breakdown here: openssf.org/newsletter/2...


Maintainers: make your project’s security visible.

Start with the #OpenSSF Baseline and earn your badge:

🔗 openssf.org/blog/2026/02...


Now live: ROI for Open Source Software Contribution

The data is clear:
• 2 to 5x ROI
• Faster security response
• Less technical debt

Read the report: openssf.org/resources/ro...

#OpenSSF

Security Slam 2026 Whether you're a maintainer, active contributor, interested in making contributions, or simply an end user cheering on the projects you depend on, getting up to speed with the Security Slam is a quick process.

We participate in the #SecuritySlam, concluding March 20, just in time for #KubeCon: securityslam.com/slam26/parti...

This is not a traditional hackathon. "The Slam" has 5 key objectives that center around the #OpenSSF Open Source Project Security Baseline: securityslam.com/slam26/

Join us?

New guidance published on risk management using SBOM data. The white paper published by OpenSSF explains in detail how to improve risk-management decision-making through SBOM data. It provides guidelines applicable to all engineering departments.

New guidance published on risk management using SBOM data #OpenSSF #CISA #SBOMデータ

A new guide for making AI and machine learning more secure is here! The Japanese edition of "Visualizing Secure MLOps", announced by OpenSSF, has finally been released! A practical guide that helps with building security into AI/ML pipelines. A must-read for all practitioners.

A new guide for making AI and machine learning more secure is here! #AIセキュリティ #MLOps #OpenSSF


FOSDEM is just around the corner, and OpenBao is ready! 🚀

Come visit us at our shared stand with OpenTofu (Location: K.1.C.06).

📍 Check the map to find us: nav.fosdem.org/l/k1-c-06/@1...

#OpenBao #SecretsManagement #OpenSSF #OpenSource #Security #FOSDEM

Strengthening Open Source Security Through Community: Introducing OSSAfrica Open Source & Security Africa (OSSAfrica) is a community-led initiative bringing together people who care about open source and security across the continent. We're building connections between contributors, software developers, maintainers, researchers, and security professionals.

🔍 VEX promises clarity in vulnerability management, but adoption is still uneven.

This #OpenSSF community paper looks at:
• What’s working (and what isn’t)
• CSAF vs OpenVEX vs SPDX vs CycloneDX
• Tooling gaps, trust, and regulation
...and more.

🔗: openssf.org/blog/2026/01...

Signal in the Noise: An Industry-Wide Perspective on the State of VEX Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race.

Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve over time.

I was looking at the @openssf@social.lfx.dev OpenSSF annual report and wondering which kind of open source they use for their publishing.

Maybe one day, open source foundations will actually use open and free software.

#opensource #openssf #freesoftware

Catching Malicious Package Releases Using a Transparency Log Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs.

The December 2025 #OpenSSF Newsletter is live 🎉

Featuring the 2025 Annual Report, free education courses, new podcast episodes, project updates, and upcoming events across the open source security community.

Read it here 👉 openssf.org/newsletter/2...


🎙️ New episode of What’s in the SOSS is live!

Justin Cappos from @nyutandon.bsky.social joins #OpenSSF to talk about software supply chain security education, open source collaboration, and preparing students for real world security work.

🎧 Listen here: openssf.org/podcast/2025...

What’s in the SOSS? Podcast #47 – S2E24 Teaching the Next Generation: Software Supply Chain Security in Academia with Justin Cappos NYU professor Justin Cappos joins the OpenSSF podcast to discuss why software supply chain security is missing from most university curricula -- and how hands-on, open source-first education can change that.

🎉 We’re excited to share our 2025 Annual Report, highlighting the milestones & collective achievements that shaped this year. Read the blog for a first glimpse into the stories, challenges, and quiet breakthroughs behind the numbers.

📘 Blog: openssf.org/blog/2025/12...

#OpenSSF #2025Wrapped

Newsletter #010: Wrapping Up the Year with Talks, Security Work and Big Releases 🎁 This month brought a new talk, a deep dive into secure publishing, key Express releases, OSSF Scorecard updates, and several ecosystem improvements around security and governance.

🔖 The latest issue of my #newsletter is out, issue 010.

Stories from reviving #Expressjs & reimagining #Lodash, secure publishing on #npm, why #OSS doesn’t fail because of code, backlog updates & #OpenSSF #Scorecard

blog.ulisesgascon.com/newsletter-i...

Security Insights: Machine-Readable Security Metadata for Open Source | OpenSSF Project Spotlight YouTube video by OpenSSF

🌟 Security Insight: A New OpenSSF Project Highlight

Eddie Knight explains Security Insights, an OpenSSF specification that assists projects in publishing important security statistics in an organized, machine-readable way.

Watch the video: youtu.be/kWpncbcqscc?...

#OpenSSF


New What’s in the SOSS episode with Jay White from Microsoft. We talk AI, model signing, supply chain security, and why community collaboration matters.

Listen here: openssf.org/podcast/2025...

#OpenSSF

SLSA: Industry-Driven Guidelines for Software Supply Chain Security | OpenSSF Project Spotlight YouTube video by OpenSSF

🌟 New OpenSSF Project Spotlight 💃

In this interview, SLSA Steering Committee member Tom Hennen (Google) breaks down how SLSA is helping organizations strengthen trust across the software supply chain.

Watch the full Project Spotlight:
🔗 www.youtube.com/watch?v=gdYl...

#OpenSSF #SLSA #OSSSecurity


The November #OpenSSF Newsletter is live.

Cyber Week deals, CRA insights, OSFF NYC highlights, new members, podcasts, Zarf, OpenBao, SBOM updates, and more.

openssf.org/newsletter/2...

KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo García Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.”