Guest blog opportunities are open to members, with limited exceptions for active contributors and thought leaders. Share your insights on open source security with our community.
OpenSSF Blog
Jan 9, 2026 |
In Blog
Collecting Badges, Building Bridges: Representing OpenSSF and Linux Foundation Across Europe
There is a particular feeling that comes with wearing a conference badge that carries more weight than your name. It is the quiet awareness that you are not just attending an event; you are representing a global community, its values, and its future direction. Read more.
Jan 8, 2026 |
Signal in the Noise: An Industry-Wide Perspective on the State of VEX
Abstract: Software security has always been a race between complexity and clarity. The Vulnerability Exploitability eXchange (VEX) aims to bring clarity to that race. Read more.
Jan 7, 2026 |
In Blog
Your Guide to the OpenSSF OSPS Baseline for More Secure Open Source Projects
The Open Source Project Security (OSPS) Baseline is a community-developed catalog of practical security controls that helps open source projects understand what good security looks like and how to improve over time. Read more.
Jan 5, 2026 |
In Blog
AI, Software Development, Security, Tips, and the Future (Part 2)
This is part 2 of a 2-part article where I’ll briefly discuss the impact of Artificial Intelligence (AI) on software development. Read more.
Dec 29, 2025 |
In Blog
AI, Software Development, Security, Tips, and the Future (Part 1)
This is part 1 of a 2-part article discussing the impact of Artificial Intelligence (AI) on software development. In this part, I’ll note that AI use during software development is now the norm, despite frequent errors in AI-generated results, because productivity is king. I’ll then discuss its potential security implications. Read more.
Dec 19, 2025 |
Catching Malicious Package Releases Using a Transparency Log
Trail of Bits, with funding from OpenSSF, is improving Sigstore’s rekor-monitor to help maintainers detect malicious package releases, monitor signing identities, and strengthen software supply chain security using transparency logs. Read more.
Dec 12, 2025 |
From Beginner to Builder: Free OpenSSF and Linux Foundation Education Courses
Whether you're just getting started with open source security or want to deepen your knowledge, these free courses from Linux Foundation Education and OpenSSF offer valuable, self-paced learning paths. Each is available online and designed to help contributors understand both the technical and community aspects of secure open source development. Read more.
Dec 11, 2025 |
In Blog
OpenSSF 2025 Annual Report Is Live: A Year of Global Growth, Security Wins, and Community Momentum
As the year comes to a close, we’re excited to share the OpenSSF’s 2025 Annual Report, a look at the milestones, momentum, and community-driven achievements that made this year remarkable. We invite you to celebrate the progress, creativity, and collaboration that continue to shape a safer and more resilient open… Read more.
Dec 5, 2025 |
In Blog
Recap: OpenSSF Community Day Korea 2025
OpenSSF Community Day Korea took place on November 4, 2025, in Seoul, bringing developers and security engineers together for a day of practical discussions on software security. Read more.
Nov 19, 2025 |
In Blog
KubeCon Keynote Recap: “Supply Chain Reaction” and Why the OSPS Baseline Matters More Than Ever
At KubeCon+CloudNativeCon North America, Stacey Potter (OpenSSF) and Adolfo GarcĂa Veytia delivered one of the most memorable and entertaining keynotes of the week: “Supply Chain Reaction: A Cautionary Tale in Kubernetes Security.” Read more.
