Open Source Security Foundation (OpenSSF) Together, we're securing the open source ecosystem http://openssf.org #OSSSecurity #OpenSSFCommunity
OpenSSF
The 2026 CRA Awareness & Readiness Report by The Linux Foundation Research and OpenSSF is officially out, and the data reveals a sobering reality for the global software ecosystem as the European CRA deadlines approach. Download the report: openssf.org/resources/pu...
How do we move from isolated security patches to a systemic, resilient software supply chain? Read the #OpenSSFCommunity Day NA recap and see how the community has been unifying tools, navigating AI, and securing the OSS. openssf.org/blog/2026/06...
How did the "Mini Shai-Hulud" attack compromise 170+ packages while maintaining valid SLSA Build L3 attestations? Read the full blog to see where SLSA’s boundaries fall and how to secure your pipeline with defense in depth. 🔗: openssf.org/blog/2026/06...
Learn why machine-readable security signals provide the practical foundation for automated due diligence. These signals function as voluntary mechanisms for upstream transparency, not formal assurances or a transfer of legal liability. Link in the comments.
Live from #OpenSSFCommunity Day North America! 🎉 We're celebrating an incredible quarter of growth and officially welcoming our newest members to the Foundation: ActiveState, Aikido Security, Minimus, TuxCare, and the FreeBSD Foundation! openssf.org/press-releas...
Abandoned projects introduce hidden risks into your software supply chain. On the latest episode of the What’s in the SOSS? podcast, host CRob sits down with Isaac Wuest from HeroDevs to examine End-of-Life (EOL) open source software. openssf.org/podcast/2026...
The most underestimated career accelerator in technology may be open source. The skill that carries you furthest is not always the code. It is the art of influence. Listen to "Big Thoughts, Open Sources", where host CRob talks with Jamie Thomas from IBM. openssf.org/podcast/2026...
We've seen a concerning rise in targeted attacks on upstream registries like npm and PyPI through malicious packages. But how do you actually defend against them day-to-day? Learn how to strengthen your supply chain security: openssf.org/blog/2026/05...
Read the blog: openssf.org/blog/2026/05...
Meet Christopher "CRob" Robinson, Chief Security Architect at OpenSSF, speaking at the Open Source Policy Ecosystem Forum on June 8 in Brussels. He will explore "Open Technology Cybersecurity as a Global Collaboration Challenge." Secure your spot: https://bit.ly/4uAwAuj
openssf.org
Aligning on Machine-Readable Signals as the Foundation for Due Diligence – Open Source Security Foundation