Submit your CFP for OpenSSF Community Day Europe 2026

Submit Your Proposal by July 12, 2026

The Open Source Security Foundation (OpenSSF) is a community of software developers, security engineers, and more who are working together to secure open source software for the greater public good.

Collaborate on capabilities and best practices that secure open source software.

Participate in the latest community conversations and engage with experts.

Take free courses on secure coding practices as part of our certificate program.

Explore our helpful security guides to help secure your project from the start.

Projects


GUAC

Directed, actionable insights into the security of your software supply chain.


OSPS Baseline

Structured security requirements aligned with international frameworks, standards, and regulations.


Sigstore

Sigstore is a standard for signing, verifying, and protecting software.


SLSA

Safeguarding artifact integrity across any software supply chain.


Working Groups


AI/ML Security

Using AI securely ("security for AI") and using AI to improve security of other products ("AI for security").


Global Cyber Policy

Multi-discipline approach to international regulation and legislation and application of cybersecurity frameworks.


Supply Chain Integrity

Helping people understand and make decisions on the provenance of the code they maintain, produce and use.


Vulnerability Disclosures

Improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication.


OpenSSF Hosted Events

OpenSSF events are a great opportunity to get involved with the OpenSSF community across the security and open source ecosystem. Join us and share ideas, progress, and collaborate on securing open source software.

Read the Latest Reports From OpenSSF

Securing Open Source in the Age of AI


Gemara: A Governance, Risk, and Compliance Engineering Model for Automated Risk Assessment


Recent Blog Posts

Mini Shai-Hulud: Where SLSA’s Boundaries Fall
Blog, Guest Blog
June 10, 2026

The “Mini Shai-Hulud” attack chained a GitHub Actions workflow misconfiguration, cache poisoning, and OIDC token extraction to publish malicious packages through legitimate CI/CD pipelines.

The “Skyway” to OSS Security: OpenSSF Community Day North America 2026 Recap
Blog
June 5, 2026

The open source community recently gathered in Minneapolis for Open Source Summit North America and OpenSSF Community Day North America 2026. Functioning as a collaborative “Skyway,” the Open Source Security…

Aligning on Machine-Readable Signals as the Foundation for Due Diligence
Blog, EU Cyber Resilience Act
May 29, 2026

By Madalin Neag, EU Policy Advisor, OpenSSF. Introduction: The software supply chain has reached a level of complexity where manual oversight is no longer a viable strategy for security or…

Open source software is pervasive in data centers, consumer devices, and applications. Securing open source software requires fostering collaboration, establishing best practices, and developing innovative solutions.

Join the growing list of organizations supporting the advancement of securing open source technology and funding the development and adoption of OpenSSF initiatives.

Explore Membership in OpenSSF