"The Open Source Security FoundationBest Practices badge is a way for Free/Libre and Open Source Software projects to show that they follow best practices.
Projects can voluntarily self-certify, at no cost […] to explain how they follow each best practice."
#FLOSS #opensource #security #OpenSSF #NIS2 #CyberResilienceAct
✨Exciting news in May across the #OpenSSF community—don’t miss the momentum!
📬 Read the May newsletter: https://openssf.org/newsletter/2025/05/22/openssf-newsletter-may-2025/
What does collaboration on secure builds look like?
Ericsson contributed its C/C++ Compiler Options Hardening Guide to the #OpenSSF Best Practices WG—earning insights that strengthened the guide for everyone.
📢 CFP is open for #OpenSSFCommunity Day Korea — Nov 4 in Seoul, colocated with the Linux Foundation's Open Source Summit Korea!
🗓 Submit by Aug 3 (23:59 KST | 06:59 PST)
🔗 https://events.linuxfoundation.org/openssf-community-day-korea/program/cfp/
New podcast episode! 🎙️
Meet Stacey Potter, the new Community Manager at #OpenSSF. From startup ops to open source advocacy, Stacey shares her journey and hopes for a more inclusive security future.
Listen → https://openssf.org/podcast/2025/05/06/whats-in-the-soss-podcast-29-s2e06-showing-up-fully-meet-openssfs-new-community-manager-stacey-potter/
#OpenSSF Community Day India 2025 is happening on 4 Aug, Hyderabad.
The CFP deadline is 4 May 23:59 IST, and they're open to talks about Security Education, Research, Tooling, Public Policy and the AI/Security space as well.
📢 #OpenSSF just launched a free course to help developers get ready for the EU #CRA — and nearly 2,000 people enrolled in the first week!
✅ Understand the CRA’s key requirements
✅ Learn how to start preparing for 2026 enforcement
➡️ Full announcement: https://openssf.org/press-release/2025/04/29/openssf-launches-free-course-to-prepare-developers-for-the-eu-cyber-resilience-act/
The #OpenSSF Memory Safety SIG just released the #MemorySafety Continuum!
Practical steps to tackle memory safety risks and strengthen #OSSSecurity — no matter where you are today.
👉 Read more: https://https://openssf.org/blog/2025/04/28/announcing-the-release-of-the-memory-safety-continuum/
🔒 #RSTUF has successfully completed an independent security audit, supported by #OpenSSF and coordinated by OSTIF!
Security audits like this strengthen trust, transparency, and resilience across our ecosystem. Read more & get involved: https://openssf.org/blog/2025/04/25/repository-service-for-the-update-framework-rstuf-reaches-new-security-milestone-with-successful-audit/
🎧 In this episode of What’s in the SOSS? #OpenSSF Podcast, host CRob sits down with the “Council of Daves” – Dr. David A. Wheeler (OpenSSF) and Dave Russo (Red Hat) – to talk secure development and why training both devs and managers is mission-critical.
🎙️ New Podcast Episode – What’s in the SOSS?
Meet Steve Fernandez, the new GM of #OpenSSF.
Don’t miss this powerful conversation about leadership, security, and the future of open source.
🎧 Listen now → https://openssf.org/podcast/2025/04/15/whats-in-the-soss-podcast-26-s2e04-enterprise-to-open-source-steve-fernandezs-journey-to-the-openssf/
📣 Announcing v1.0 of the model-signing project, developed by the #OpenSSF AI/ML WG! This project enables signing + verifying ML models of any size/format using #sigstore, self-signed certs, or key pairs. Read the blog to learn more & get involved: https://openssf.org/blog/2025/04/04/launch-of-model-signing-v1-0-openssf-ai-ml-working-group-secures-the-machine-learning-supply-chain/
🔐 #OpenSSF is sponsoring #VulnCon 2025, happening April 7-10 at the McKimmon Center in Raleigh, NC!
Join the community! Virtual admission through April 4: https://www.first.org/conference/vulncon2025/
OpenSSF's Open Source Project Security Baseline is a game-changer for securing open-source projects. https://jpmellojr.blogspot.com/2025/04/openssf-guidelines-encourage-oss.html #OpenSSF #SecurityBaseline #OpenSource #SecureCoding #SoftwareDevelopment
Compiler Options Hardening Guide for C and C++
#HackerNews #CompilerHardening #C #C++ #Security #BestPractices #OpenSSF
🔍 How can we better protect open source ecosystems from supply chain attacks?
Datadog, an #OpenSSF member, advances security with #GuardDog, an open source tool detecting malicious packages in PyPI & npm while contributing to a public threat dataset.
Read the blog: https://openssf.org/blog/2025/03/28/guarddog-strengthening-open-source-security-against-supply-chain-attacks/
📬 The March 2025 #OpenSSF Newsletter is here!
🔹 Community Days
🔹 Policy Summit Washington, D.C.
🔹 Season 2 of What’s in the SOSS? Podcast
🔹 New, free course for software development managers
🔹 Project and working group updates
https://openssf.org/newsletter/2025/03/25/openssf-newsletter-march-2025/
"#OpenSSF Defines Baseline for Securing #OpenSource #Software"
ICYMI, a new #OSS project aims to standardize a #cybersecurity framework for OSS maintainers.
Love it! Coz my research has shown breaking down org boundaries has a very strong correlation with #DevOps success!
https://devops.com/openssf-defines-baseline-for-securing-open-source-software/
🌟 Community Day India is back! 🌟
Co-located with #KubeCon India, this is your chance to engage with the brightest minds in software security.
🎤 Submit your proposal by Sunday, April 27.
https://events.linuxfoundation.org/openssf-community-day-india/
#OpenSSF #OpenSSFCommunity #OSSSecurity
📢 Is the open source ecosystem ready for the Cyber Resilience Act?
62% of respondents remain unfamiliar with CRA, and compliance challenges are emerging. This new Linux Foundation Research report, in partnership with OpenSSF and LF Europe, explores key findings.
Read more ⬇️
🔗 https://www.linuxfoundation.org/research/cra-readiness?hsLang=en
