Open energy models are critical infrastructure — and security matters.
The Openmod Tracker now integrates OpenSSF Scorecards, helping assess security risks across 220+ open energy system modelling tools. You can explore scores for maintenance, CI testing, licensing, and more directly in the dashboard.
When you can see the security holes, you can act on them.
❤️🩹 Check your tool’s health: https://openmod-tracker.org
🔗 OpenSSF: https://github.com/ossf/scorecard
#OpenSource #EnergySystemModeling #OpenSSF
"The Open Source Security Foundation (OpenSSF) is a community of software developers, security engineers, and more who are working together to secure open source software for the greater public good."
We’re proud to share that the FreeBSD Foundation has joined the Open Source Security Foundation (OpenSSF) as an Associate Member.
We look forward to collaborating with the OpenSSF community to strengthen the resilience and sustainability of open-source security worldwide.
Read the full announcement from the Linux Foundation:
https://www.linuxfoundation.org/press/openssf-notes-quarter-of-growth-with-new-members-added-ai-security-resources-and-growing-community
For folks who are thinking about locally patching open-source software to fix what they think is a bug (_especially_ if they think it's a security vulnerability), I think that's a path to https://www.xkcd.com/424/
The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain.
Read the blog by Helen Woeste (OSTIF):
In 2023, DARPA announced a two-year-long competition called the Artificial Intelligence Cyber Challenge (AIxCC), a massive undertaking by dozens of organizations with the goal to safeguard open source software used in critical infrastructure throughout America.
Read about the work on our blog: https://ostif.org/hack-to-the-future/
OSSGuard — one CLI to scan your project and tell you exactly which OpenSSF security practices are missing: Scorecard, SLSA, SBOM, Sigstore, and more.
Works with Python, Go, JS, Rust, Java, C/C++.
pip install ossguard
brew install kirankotari/tap/ossguard
npx ossguard
https://github.com/kirankotari/ossguard
#OpenSSF #SupplyChainSecurity #DevSecOps #OpenSource #DevOps #Python #Node #Golang #Community
Related to the previous toot:
"In March 2024, XZ Utils — a compression utility present on virtually every Linux server — was compromised by a backdoor that stayed hidden for two years. The attacker had gained the maintainer's trust, obtained commit rights, then injected malicious code allowing remote code execution via SSH. [..] OpenSSF Scorecard provides an objective answer to this question of trust."
https://blog.stephane-robert.info/docs/securiser/supply-chain/scorecard/
The CPS project has just officially secured the #OpenSSF Gold Badge.
CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project.
Read the full story: https://openssf.org/blog/2026/05/07/the-road-to-gold-how-cps-set-a-new-standard-for-security-and-quality-in-open-source/