Joined August 2020
Pinned Tweet
8 Dec 2025
🎉 The 2025 OpenSSF Annual Report has officially arrived!!! We invite you to celebrate another year of progress, creativity, and collaboration shaping a safer, more resilient open source community. Download the report: openssf.org/download-the-202… #AnnualReport #OSSSecurity
How did the "Mini Shai-Hulud" attack compromise 170 packages while maintaining valid SLSA Build L3 attestations? Read the full blog to see where SLSA’s boundaries fall and how to secure your pipeline with defense in depth. 🔗: openssf.org/blog/2026/06/10/…
The 2026 CRA Awareness & Readiness Report by The Linux Foundation Research and OpenSSF is officially out, and the data reveals a sobering reality for the global software ecosystem as the European CRA deadlines approach. Download the report: openssf.org/resources/public…
How do we move from isolated security patches to a systemic, resilient software supply chain? Read the #OpenSSFCommunity Day NA recap and see how the community has been unifying tools, navigating AI, and securing the OSS. openssf.org/blog/2026/06/05/…
Abandoned projects introduce hidden risks into your software supply chain. On the latest episode of the What’s in the SOSS? podcast, host CRob sits down with Isaac Wuest from HeroDevs to examine End-of-Life (EOL) open source software. hubs.ly/Q04jLjnk0
Learn why machine-readable security signals provide the practical foundation for automated due diligence. These signals function as voluntary mechanisms for upstream transparency, not formal assurances or a transfer of legal liability. Link in the comments.
OpenSSF retweeted
🚀 Software risk is becoming a board-level issue. Mike Vizard talks with Christopher Robinson of OpenSSF about the EU Cyber Resilience Act, vulnerability reporting, software dependencies and using business-focused risk language. Watch: techstrong.tv/videos/intervi…
Live from #OpenSSFCommunity Day North America! 🎉 We're celebrating an incredible quarter of growth and officially welcoming our newest members to the Foundation: ActiveState, Aikido Security, Minimus, TuxCare, and the FreeBSD Foundation! hubs.ly/Q04ht-_70
We've seen a concerning rise in targeted attacks on upstream registries like npm and PyPI through malicious packages. But how do you actually defend against them day-to-day? Learn how to strengthen your supply chain security: hubs.la/Q04hl3cR0
AI is flooding open source projects with vulnerability reports faster than maintainers can handle. @OpenSSF and @CNCF just dropped the free playbook. "This is math, not magic. And with the right practices, it is manageable." Download your copy: hubs.la/Q04h9_Fy0
From UI/UX to OpenSSF Contributor: Ejiro Oghenekome on What’s in the SOSS? Ejiro shares insights from her "100 Days of Cybersecurity" challenge and her leadership in authoring the "Beginner to Builder" series. hubs.la/Q04h7zm_0
Is your organization ready for the European Cyber Resilience Act (CRA)? New EU rules mandate "security by design" for digital products. The second Linux Foundation Research survey launches this June. Learn why the ecosystem is falling behind. hubs.la/Q04gZHss0
The OpenSSF released the Secure Coding Guide for #Python (PySCG). This practical resource offers 50 rules and code examples to help developers mitigate vulnerabilities in open source software. 🐍 Read the blog: openssf.org/blog/2026/05/12/… Access the guide: best.openssf.org/Secure-Codi…
The AI Cyber Challenge (AIxCC) results are in and the work continues through new #OpenSSF projects like OSS-CRS and FuzzingBrain. Read the blog by Helen Woeste (OSTIF): hubs.la/Q04gcT900
The CPS project has just officially secured the #OpenSSF Gold Badge. CPS is the first project within the LFN community to hit this milestone. This badge proves that security and quality are baked into the DNA of the project. Read the full story: openssf.org/blog/2026/05/07/…
Open Infrastructure Is Not Free, Part II: 10 trillion open source package downloads in 2026. Still running on donations and volunteers. AI is accelerating attacks. The Sustaining Package Registries WG is here to help. hubs.la/Q04fB--M0 #PreserveOpenSource
In the latest What's in the SOSS?, Sally Cooper sits down with Brandt Keller from Defense Unicorns to talk about Zarf, a @CloudNativeFdn-ecosystem #OpenSSF Sandbox Project built to package, transfer, and deploy software in air-gapped environments. hubs.la/Q04fqs4K0
Join us for #OpenSSFCommunity Day North America on May 21! 📅 We are grateful for the support of @HondaJP, our Gold Sponsor, in our mission to secure the open source software ecosystem. Register & join the conversation on software supply chain security: events.linuxfoundation.org/o…
The April OpenSSF Newsletter is here! 📰 Big things are happening in the world of open source security. Topping the list: #OpenSSFCommunity Day North America is happening May 21st in Minneapolis! Read the Newsletter: openssf.org/newsletter/2026/…
The #OpenSSFCommunity Day agenda is live! Mark your calendar for May 21 in Minneapolis and start planning your schedule by bookmarking your favorite sessions. Read the agenda highlight: openssf.org/blog/2026/04/20/… Register for OpenSSF Community Day NA: events.linuxfoundation.org/o…