#osssecurity
Gemara: GRC Engineering Model for Automated Risk Assessment | OpenSSF Project Spotlight YouTube video by OpenSSF

The Gemara (pronounced "gem-mara" 💎) project provides a logical model to describe compliance activity categories, how they interact, and the schemas to enable automated interoperability.

Watch the Spotlight: https://www.youtube.com/watch?v=aKhebJxVntI

#OSSSecurity


#AgenticAI is moving fast -- but is it secure? 🤖🔐

📅 Join us for an OpenSSF Tech Talk on the practical realities of securing agentic systems on March 17, 1PM ET!

Hear from experts from Microsoft, Canonical, TestifySec, and Thread AI!

Register: openssf.org/resources/te...

#OSSSecurity


Think you need special permission to contribute to OpenSSF? Think again. ❌

#OSSSecurity thrives on diverse perspectives. Whether you’re into AI/ML security, policy, or dev best practices, there’s a seat at the table for you. 🪑

Read: openssf.org/blog/2026/03...


Package repository security impacts every OSS ecosystem. 🔐

OpenSSF convened npm, PyPI, Maven Central, RubyGems, crates.io & more to tackle shared challenges -- from identity to governance and sustainability.

Read: openssf.org/blog/2026/02...

#OSSSecurity


What Does The #Sonatype 2026 State of the Software Supply Chain Report Reveal?
"Sonatype has released this year's report with a number of interesting findings. Let's dig into it."
On IProgrammer: cutt.ly/itne2PAs

#devsecops #sbom #softwaresupplychain #cybersecurity #OSSSecurity @openssf.org


Open Source #SecurityCon Europe 2026 is heading to Amsterdam 🇳🇱

This blog highlights speakers & perspectives from across the OpenSSF community, all bringing hands-on experience from production environments.

Read the blog: openssf.org/blog/2026/02...

#OSSSecurity


OpenSSF community will be at #FOSDEM2026 this week, bringing practical perspectives on CRA readiness, vulnerability intelligence, SBOMs, and software supply chain security 🔐

Read the blog and find out where to find us & what not to miss: openssf.org/blog/2026/01...

#OSSSecurity


🎉 We’re excited to share a new blog introducing OSSAfrica, an OpenSSF community-led initiative focused on strengthening open source security across Africa by bringing people together across roles, experience levels, and geographies.

Read: openssf.org/blog/2026/01...

#OSSSecurity

Strengthening Open Source Security Through Community: Introducing OSSAfrica
Open Source & Security Africa (OSSAfrica) is a community-led initiative bringing together people who care about open source and security across the continent. We're building connections between contributors, software developers, maintainers, researchers, and security professionals.

🎉 OpenSSF’s 2026 Themes are here, and so is Honk’s 2026 Vision Board, inspired by our new blog post that outlines the community roadmap for securing the future of open source!

Read the blog & see how themes align with our 2026 priorities: openssf.org/blog/2026/01...

#OSSSecurity


Conference badges can mean more than a name 🎟️

Madalin shares what it has meant to represent the Open Source Security Foundation and The Linux Foundation across Europe 🌍 from #opensource events to policy rooms and standards discussions.

Read the story: openssf.org/blog/2026/01...

#OSSSecurity

Signal in the Noise: An Industry-Wide Perspective on the State of VEX
Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race.

🎙️ "What's in the SOSS?" Podcast Season Finale is live!

Join co-hosts CRob & Yesenia for a special season finale celebrating OpenSSF’s 5th anniversary, & a look back at a truly transformative year for open source security. 🛡️

🎧 Listen: openssf.org/podcast/2025...

#OSSSecurity

From Beginner to Builder: Free OpenSSF and Linux Foundation Education Courses
Whether you're just getting started with open source security or want to deepen your knowledge, these free courses from Linux Foundation Education and OpenSSF offer valuable, self-paced learning paths. Each is available online and designed to help contributors understand both the technical and community aspects of secure open source development.

Recap: OpenSSF Community Day Korea 2025
OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security.
SLSA: Industry-Driven Guidelines for Software Supply Chain Security | OpenSSF Project Spotlight YouTube video by OpenSSF

🌟 New OpenSSF Project Spotlight 💃

In this interview, SLSA Steering Committee member Tom Hennen (Google) breaks down how SLSA is helping organizations strengthen trust across the software supply chain.

Watch the full Project Spotlight:
🔗 www.youtube.com/watch?v=gdYl...

#OpenSSF #SLSA #OSSSecurity


Last week at #KubeCon, Stacey and Adolfo delivered one of the most memorable and entertaining keynotes.

This recap breaks down what happened on stage and why it captured so much attention across the conference. Read now: openssf.org/blog/2025/11...

#OSSSecurity


💬 Last month, LF Europe (@linuxfoundationeu.bsky.social), OpenSSF, and CEPS brought the open source community together in Ghent and Brussels for a full week of conversations on security, collaboration, and Europe’s digital future.

Read the recap: openssf.org/blog/2025/11...

#OSSSecurity


Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies.

📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213

#SBOM #OSSSecurity


Open Source Is Not Just About Software
It's about infrastructure as well - An Open Letter from the Stewards of Public Open Source Infrastructure
On IProgrammer➡️ cutt.ly/8rNkGbDu

#opensource #oss #OSSsecurity
@openssf.org @linuxfoundation.org


🚆 From Ghent to Brussels!

At the end of October, OpenSSF, the Linux Foundation, and Linux Foundation Europe will host three gatherings advancing security, policy, and collaboration across Europe’s open source ecosystem.

👉 Learn more: openssf.org/blog/2025/09...

#CRA #OSSSecurity


On August 15, GitHub’s Open Source Friday spotlighted the OpenSSF Global Cyber Policy WG in a live session hosted by Kevin Crosby, GitHub.

📖 Read the recap blog, watch the replay, and explore ways you can join the conversation: openssf.org/blog/2025/09...

#OSSSecurity


🌏 #India is rapidly climbing the charts in OSS contributions. But as Ram Iyengar notes, “They were doing all of this with zero awareness of security.”

Learn how OpenSSF's building India's #OSSSecurity community: openssf.org/blog/2025/07...

Join us: events.linuxfoundation.org/openssf-comm...


Welcome to the OpenSSF family, OpenBao Project! 🎉

#OpenBao is a new sandbox project focused on secure secrets and encryption management—originally forked from Vault & now evolving to serve open source communities even better.

Read the blog: openssf.org/blog/2025/06...

#OSS #OSSSecurity


🚨 It’s happening at 1PM ET—don’t miss it!

🎙️ CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations
🔗 Register now: openssf.org/resources/te...
📍 Where: Zoom!

What does the EU’s #CRA mean for open source—and how can your project stay ahead?

#OSSSecurity


🚨 CI/CD attacks are on the rise.

New blog breaks down recent tj-actions & reviewdog breaches—and offers practical tips for hardening GitHub Actions workflows.

A must-read for open source maintainers: openssf.org/blog/2025/06...

#OSSSecurity


🧰 #SBOMs are the foundation of understanding your software supply chain, but picking the right tool can be tricky. Read this guest blog as Nathan walks through key SBOM generation tools:
openssf.org/blog/2025/06...

#OpenSSF #OSSSecurity


There’s still time to submit your talk for #OpenSSFCommunity Day Europe, happening on 28 August in Amsterdam! 🇳🇱

🗓️ CFP closes 26 May at 23:59 CEST
📖 Read the blog: openssf.org/blog/2025/05...
🎤 Submit your proposal now: events.linuxfoundation.org/openssf-comm...

#osssecurity


📢 The OpenSSF #BestPractices WG has released a new guide: Simplifying Software Component Updates.

Modern software is mostly reused software, often made up of thousands of OSS components.

📖 Read the blog and learn about the guide: openssf.org/blog/2025/05...

#OSSSecurity
