Voila: the results of OSTIF's security audit of Paramiko! Thanks to the contributions of @quarkslab and Alpha-Omega, this project received custom security work reviewing Paramiko's testing, building and CI systems, and cryptography.

Read about our work on the Python implementation of the SSHv2 protocol at our blog: https://ostif.org/paramiko-audit-complete/

#OSTIF #quarkslab #OpenSSF #paramiko

In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, a @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments.

https://openssf.org/podcast/2026/05/05/whats-in-the-soss-podcast-60-s3e12-packaging-transferring-and-deploying-software-in-air-gapped-environments-with-zarf/

@BrideOfLinux I enjoyed your article – thanks. Discovered three months after publication via <https://vermaden.wordpress.com/2026/05/04/valuable-news-2026-05-04/>.

Just one thing:

"… Isn’t this exactly what the Open Source Security Foundation was established to handle in the wake of OpenSSL’s difficulties?"

I'm not certain. The roadmap at <https://openssf.org/about/> begins:

"The OpenSSF strategy is outlined across three key areas:

We will be a Catalyst for Change, we will Educate and Empower the Modern Developer, and we will be an Ecosystem Leader. …"

There's much more than a roadmap – and I didn't attempt to digest the charter (it's difficult to read, with the watermark) – it's difficult to tell why the OSSF was established, and so on. I don't doubt that the Foundation does great work, there's just a lot to take in. @openssf

In the case of sudo: I imagine that the media was a catalyst for change. Some time between mid-February and 3rd March, the plea for sponsorship disappeared:

― <https://web.archive.org/web/20260215044031/https://www.millert.dev/>

― <https://web.archive.org/web/20260305141311/https://www.millert.dev/>.

(I recall reading the article in The Register, which was discussed in Reddit <https://old.reddit.com/r/programming/duplicates/1qwsvh9/sudos_maintainer_needs_resources_to_keep_utility/>, and so on.)

Cc @millert @governa

#sudo #OpenSSF

We're still beaming with pride since at #KubeCon + CloudNativeCon Europe in April we were celebrated by the #OpenSSF because we earned all five available badges in the #SecuritySlam: Cleaner, Chronicler, Inspector, Mechanizer, and Defender: https://openssf.org/blog/2026/04/10/security-slam-2026-celebrating-our-security-champions-and-project-milestones/

#OpenSSF warns of hackers impersonating Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.

Read: https://hackread.com/openssf-malware-slack-linux-foundation-figures/

#CyberSecurity #Malware #LinuxFoundation #Scam


In our latest OpenSSF Tech Talk, OpenSSF members dismantled the AI "black box."

Read the recap to learn about the SAFE-#MCP threat catalog, how to secure the 3,000+ open source dependencies in the typical AI stack, and more!

https://openssf.org/blog/2026/04/08/openssf-tech-talk-recap-securing-agentic-ai/

#OpenSSF #AgenticAI

The #OpenSSF Ambassador Program is now accepting applications for its first cohort. We are looking for 10-15 advocates to lead local initiatives, mentor developers, and represent the Open Source Security Foundation worldwide.

https://openssf.org/community/openssf-ambassadors/

OpenSSF Scorecard, but for Indicators of AI Influence (IoAIs henceforth), as scanned from the GitHub repo
#OpenSSF #OpenSSFScorecard #SAST #Infosec #WhatsMissing

The #OpenSSF March newsletter is live! Featuring:

- New funding from AWS, Google, Microsoft, and others to secure AI 💰
- Launch of the OpenSSF Ambassador Program
- The new Gemara Model for GRC engineering

Read more: https://openssf.org/newsletter/2026/03/26/openssf-newsletter-march-2026/

Subscribe: https://openssf.org/newsletter/#newsletter

📣 We're launching the OpenSSF Ambassador Program!

Applications are now open on a rolling basis. Help us create a future where software is universally trusted and secure.

Learn more: https://openssf.org/blog/2026/03/23/introducing-the-openssf-ambassador-program/

#OpenSSF