The #OpenSSF Mentorship Program 2026 cycle is here! Whether you're a student looking to learn or a pro ready to lead, join us.

🎧 Inside Scoop: Check out the latest What’s in the SOSS? Podcast to hear how mentees become project maintainers. https://openssf.org/podcast/2026/03/17/whats-in-the-soss-podcast-56-s3e8-empowering-new-maintainers-inside-the-openssf-mentorship-program/

If you are a « distributor » of flannel (you build a product that includes flannel), you should have a look at this announcement regarding the Embargoed Vulnerability Disclosure Process:
https://github.com/flannel-io/flannel/discussions/2379
#flannel #openssf #cra

Huge updates in the world of Open Source Security!

The #OpenSSF February Newsletter is out, and it is packed with resources for developers and security teams.

Stay ahead of the curve and check out the full breakdown here: https://openssf.org/newsletter/2026/02/26/openssf-newsletter-february-2026/

OpenSSF Newsletter February 2026: AI Security & Compiler Hardening

Stay updated with the February 2026 OpenSSF newsletter. Featuring insights on securing agentic AI, C/C++ compiler annotations, Security Slam 2026, and the EU Cyber Resilience Act.

Open Source Security Foundation

Maintainers: make your project’s security visible.

Start with the #OpenSSF Baseline and earn your badge:

🔗 https://openssf.org/blog/2026/02/25/getting-an-openssf-baseline-badge-with-the-best-practices-badge-system/

Now live: ROI for Open Source Software Contribution

The data is clear:
• 2 to 5x ROI
• Faster security response
• Less technical debt

Read the report: https://openssf.org/resources/roi-for-open-source-software-contribution/

#OpenSSF

AI is reshaping open source software and expanding the attack surface.

Join our Tech Talk on Securing Agentic AI to explore practical approaches to managing risk, trust, and control in AI-driven systems.

Plus, learn how to build your skills with #OpenSSF training.

Register: https://openssf.org/resources/tech-talks/tech-talk-securing-agentic-ai-in-practice-from-openssf-guidance-to-real-world-implementation/

We're participating in the #SecuritySlam, concluding March 20, just in time for (the award ceremony at) #KubeCon: https://securityslam.com/slam26/participating-projects

This is not a traditional hackathon. Rather, "The Slam" has 5 key objectives that center around the Open Source Project Security Baseline which was created by and for maintainers, and distributed by the #OpenSSF: https://securityslam.com/slam26/

To register: https://securityslam.com/slam26/register

Modern compilers offer powerful annotation features that improve memory safety, correctness, diagnostics, and performance, but they’re often underused.

#OpenSSF's new Compiler Annotations for C & C++ guide explains how to use them effectively.

🔗: https://openssf.org/blog/2026/02/12/fill-out-all-the-margins-%f0%9f%93%96-openssf-releases-compiler-annotations-guide-for-c-and-c/

πŸ” VEX promises clarity in vulnerability management, but adoption is still uneven.

This #OpenSSF community paper looks at:
• What’s working (and what isn’t)
• CSAF vs OpenVEX vs SPDX vs CycloneDX
• Tooling gaps, trust, and regulation
...and more.

🔗: https://openssf.org/blog/2026/01/08/signal-in-the-noise-an-industry-wide-perspective-on-the-state-of-vex/

I was looking at the @openssf OpenSSF annual report and wondering which kind of open source they use for their publishing.

Maybe one day, open source foundations will actually use open and free software.

#opensource #openssf #freesoftware