OpenSSF

Huge updates in the world of Open Source Security! 🔐

The #OpenSSF February Newsletter is out, and it is packed with resources for developers and security teams.

Stay ahead of the curve and check out the full breakdown here: https://openssf.org/newsletter/2026/02/26/openssf-newsletter-february-2026/

Maintainers: make your project’s security visible.

Start with the #OpenSSF Baseline and earn your badge:

🔗 https://openssf.org/blog/2026/02/25/getting-an-openssf-baseline-badge-with-the-best-practices-badge-system/

Now live: ROI for Open Source Software Contribution

The data is clear:
• 2 to 5x ROI
• Faster security response
• Less technical debt

Read the report: https://openssf.org/resources/roi-for-open-source-software-contribution/

#OpenSSF

AI is playing an increasing role in open source security.

Part of our #AIxCC series, @trailofbits shares lessons from DARPA’s challenge and how AI + fuzzing can deliver real results.

https://openssf.org/podcast/2026/02/09/whats-in-the-soss-podcast-53-s3e5-aixcc-part-3-buttercups-hybrid-approach-trail-of-bits-journey-to-second-place-in-aixcc/

AI is reshaping open source software and expanding the attack surface.

Join our Tech Talk on Securing Agentic AI to explore practical approaches to managing risk, trust, and control in AI-driven systems.

Plus, learn how to build your skills with #OpenSSF training.

Register: https://openssf.org/resources/tech-talks/tech-talk-securing-agentic-ai-in-practice-from-openssf-guidance-to-real-world-implementation/

Package repository security impacts every OSS ecosystem. 🔐

OpenSSF convened npm, PyPI, Maven Central, RubyGems, crates.io & more to tackle shared challenges -- from identity to governance and sustainability.

Read: https://openssf.org/blog/2026/02/19/advancing-package-repository-security-through-collaboration/

#OSSSecurity

End-of-Life (#EOL) software is creating permanent security risks that can’t be patched away.

Join us today at 11am EST as we unpack the 2026 State of the Software Supply Chain Report and share strategies to tackle "forever risks."

Save your spot: https://webinars.sonatype.com/wcc/eh/5011667/lp/5216592/modern-vulnerability-management?utm_source=partner&utm_medium=openssf&utm_campaign=sscr%20webinar

At #FOSDEM2026, the CRA in Practice DevRoom showed how developers, maintainers, foundations, & manufacturers are turning the EU #CRA into workflows, powered by open collaboration, practical tooling, and community-driven processes.

👉 Recap: https://openssf.org/blog/2026/02/17/eu-cyber-resilience-act-cra-in-practice-fosdem-2026-from-awareness-to-action/

From skeptics to believers.

Hear how Team Atlanta won DARPA’s AI Cyber Challenge (AIxCC) by combining fuzzing, symbolic execution, and LLMs to find and prove vulnerabilities in open source.

🎧 Listen: https://openssf.org/podcast/2026/02/09/whats-in-the-soss-podcast-52-s3e4-aixcc-part-2-from-skeptics-to-believers-how-team-atlanta-won-aixcc-by-combining-traditional-security-with-llms/

#SecuritySlam2026 is open for registration!

🔬 From Feb 20~Mar 20, OpenSSF is partnering with CNCF TAG Security & Compliance and Sonatype on a 30-day challenge focused on improving real-world security hygiene.

👉 Learn how to participate and register: https://openssf.org/blog/2026/02/13/security-slam-2026/

Modern compilers offer powerful annotation features that improve memory safety, correctness, diagnostics, and performance, but they’re often underused.

This #OpenSSF's new Compiler Annotations for C & C++ guide explains how to use them effectively.

🔗: https://openssf.org/blog/2026/02/12/fill-out-all-the-margins-%f0%9f%93%96-openssf-releases-compiler-annotations-guide-for-c-and-c/

⏰ The CFP for #OpenSSFCommunity Day North America is closing February 15.

Read the blog and learn about:
✅ The types of topics we’re looking for
✅ What makes a strong, community-driven proposal
✅ Key dates you don’t want to miss

https://openssf.org/blog/2026/02/10/have-a-security-lesson-worth-sharing-submit-a-talk-at-openssf-community-day-north-america/

New podcast 🎙️

How did the AI Cyber Challenge go from skepticism to success?

Start with AIxCC Part 1 – From Skepticism to Success and hear how #AIxCC reshaped thinking around AI + cybersecurity.

Part 1 kicks off a 4-episode series: https://openssf.org/podcast/2026/02/09/whats-in-the-soss-podcast-51-s3e3-aixcc-part-1-from-skepticism-to-success-the-ai-cyber-challenge-aixcc-with-andrew-carney/

Open Source #SecurityCon Europe 2026 is heading to Amsterdam 🇳🇱

This blog highlights speakers & perspectives from across the OpenSSF community, all bringing hands-on experience from production environments.

Read the blog: https://openssf.org/blog/2026/02/03/join-us-at-open-source-securitycon-europe-2026-in-amsterdam/

#OSSSecurity

CFPs don’t have to be scary.
Learn how to get your conference talk accepted, avoid common pitfalls, and show up with confidence. 🎤
New What’s in the SOSS episode out now.

https://openssf.org/podcast/2026/02/03/whats-in-the-soss-podcast-50-s3e2-demystifying-the-cfp-process-with-kubecon-north-america-keynote-speakers/

🔐 Open source security in 2026 is taking shape.

The January newsletter covers CRA readiness, 2026 themes, VEX adoption, AI security, and upcoming community events like #FOSDEM and Open Source SecurityCon Europe.

https://openssf.org/newsletter/2026/01/29/9519/

OpenSSF community will be at #FOSDEM2026 this week, bringing practical perspectives on CRA readiness, vulnerability intelligence, SBOMs, and software supply chain security 🔐

Read the blog and find out where to find us & what not to miss: https://openssf.org/blog/2026/01/28/openssfatfosdem/

#OSSSecurity

Season 3 of What’s in the SOSS? starts now 🎙️

We’re welcoming Sally Cooper as an official co-host and talking about why #marketing matters in open source, why trust is the real currency, and how people find their way into the OpenSSF community.

https://openssf.org/podcast/2026/01/27/whats-in-the-soss-podcast-49-s3e1-why-marketing-matters-in-open-source-introducing-co-host-sally-cooper/

🎉 We’re excited to share a new blog introducing OSSAfrica, an OpenSSF community-led initiative focused on strengthening open source security across Africa by bringing people together across roles, experience levels, and geographies.

Read: https://openssf.org/blog/2026/01/22/strengthening-open-source-security-through-community-introducing-ossafrica/

#OSSSecurity

“Open source provides inputs, not regulated products.” 🧩

Madalin explains why #CRA upstream self-attestation risks shifting responsibility to maintainers, and why automation, machine-readable metadata, and downstream accountability scale better.

https://openssf.org/blog/2026/01/21/preserving-open-source-sustainability-while-advancing-cybersecurity-compliance/

🎉 OpenSSF’s 2026 Themes are here, and so is Honk’s 2026 Vision Board, inspired by our new blog post that outlines the community roadmap for securing the future of open source!

Read the blog & see how themes align with our 2026 priorities: https://openssf.org/blog/2026/01/15/openssfs-2026-themes-a-community-roadmap-for-securing-the-future-of-open-source/

#OSSSecurity

🚨 CFP is open for #OpenSSFCommunity Day North America, and we want to hear from YOU!!

This is a community conference focused on sharing what’s working, what’s hard, and what others can learn.

🗓️ CFP closes: February 15

👉 Submit your proposal: https://events.linuxfoundation.org/openssf-community-day-north-america/program/cfp/#overview

ICYMI: The latest What’s in the SOSS? #podcast celebrates OpenSSF’s 5-year anniversary and recaps a huge year for open source security.

🎧 Listen here: https://openssf.org/podcast/2025/12/30/whats-in-the-soss-podcast-48-s2e25-2025-year-end-wrap-up-celebrating-5-years-of-open-source-security-impact/

Conference badges can mean more than a name 🎟️

Madalin shares what it has meant to represent the Open Source Security Foundation and The Linux Foundation across Europe 🌍 from #opensource events to policy rooms and standards discussions.

Read the story: https://openssf.org/blog/2026/01/09/collecting-badges-building-bridges-representing-openssf-and-linux-foundation-across-europe/

#OSSSecurity

🔍 VEX promises clarity in vulnerability management, but adoption is still uneven.

This #OpenSSF community paper looks at:
• What’s working (and what isn’t)
• CSAF vs OpenVEX vs SPDX vs CycloneDX
• Tooling gaps, trust, and regulation
...and more.

🔗: https://openssf.org/blog/2026/01/08/signal-in-the-noise-an-industry-wide-perspective-on-the-state-of-vex/

👀 Everyone’s talking about the #OSPSBaseline.

This new blog serves as a "Resource Hub" where you can learn what it is, see it in action, and understand how open source projects can improve security over time.

📎 Read: https://openssf.org/blog/2026/01/07/your-guide-to-the-openssf-osps-baseline-for-more-secure-open-source-projects/

📖 Part 2 of this blog series shares practical tips for using #AI in software development, avoiding “vibe coding,” & strengthening security through human review & intent.

Take a clear look at where AI helps, where it doesn’t, & what comes next: https://openssf.org/blog/2026/01/05/ai-software-development-security-tips-and-the-future-part-2/

🎙️ "What's in the SOSS?" Podcast Season Finale is live!

Join co-hosts CRob & Yesenia for a special season finale celebrating OpenSSF’s 5th anniversary, & a look back at a truly transformative year for open source security. 🛡️

🎧 Listen: https://openssf.org/podcast/2025/12/30/whats-in-the-soss-podcast-48-s2e25-2025-year-end-wrap-up-celebrating-5-years-of-open-source-security-impact/

#OSSSecurity