OpenSSF

The Unexpected Swag from KubeCon EU 2026 KubeCon EU 2026 Amsterdam was a great edition. I walked away with good conversations, new connections, and the usual conference bag full of stickers. But one thing stood out among the swag: six months of GitHub Copilot Pro+, courtesy of GitHub. I’m not going to pretend I wasn’t excited. Copilot Pro+ isn’t cheap, and having it handed to you as conference loot—just because you showed up in the right place, accepting the right invitation—felt like a proper thank-you to the community. GitHub clearly knows its audience. ...

In the last few days, we’ve witnessed a significant milestone for the global software ecosystem. A powerhouse coalition of tech leaders (including Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI) has committed $12.5 million in grant funding to advance open-source security. This isn’t just another corporate donation; it’s a strategic investment in the very foundation of modern technology. Why This Matters Now Open-source software (OSS) is the bedrock of everything from cloud infrastructure to the apps on your phone. However, as the ecosystem grows, so do the threats. We are currently seeing an “unprecedented influx” of security vulnerabilities, many discovered by automated AI systems. ...

It’s December 27th, and like most of you, I’m somewhere between “fully checked out for the holidays” and “can’t stop tinkering with new tools on my laptop.” Nobody’s at work. Teams is shut down and Slack is quiet. The corporate VPN can wait until January. But my curiosity? That’s working overtime. A couple of weeks ago, I discovered Fresh, a Rust-based terminal text editor that feels like it was designed specifically for people like me who live in terminals. Here’s what caught my attention: ...

OpenSSF, the Open Source Security Foundation, is an influential collaborative initiative under the Linux Foundation dedicated to improving open source software security. Bringing together industry leaders, security experts, and developers, OpenSSF drives broad community efforts to address vulnerabilities, foster best practices, and enhance transparency across software supply chains. Among its standout contributions is the advocacy and tooling development around Software Bill of Materials (SBOMs), which have rapidly become indispensable for managing security risks in modern software ecosystems. ...

Today, I want to share with you a new initiative by OpenSSF called the Open Source Project Security Baseline. The TL;DR: This initiative consists of a series of checks that project maintainers must have in place in their software repositories to demonstrate a strong security posture. The baseline is divided into three well defined levels. I find this to be an interesting and practical initiative, easy to apply for improving and certifying a project’s security level. ...

I’ll start with a premise for those who may not already be familiar: the open-source software ecosystem often revolves around foundations, with the most famous probably being the Linux Foundation. In the cloud-native domain, the reference foundation is the Cloud Native Computing Foundation, commonly known as CNCF. CNCF is a foundation created by the Linux Foundation in 2015, specifically to manage projects in the cloud-native domain. In simple terms, it can be defined as a third-party, vendor-neutral entity that oversees the development and activities related to major projects involving containerized technologies like Kubernetes. ...