OpenSSF
About OpenSSF:
The Open Source Security Foundation (OpenSSF) is a cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all.
Learn more here: https://openssf.org/
12-02-2025 WG-BEAR Regular Meeting
Trust, Track, and Verify: Securing AI Pipelines End-to-End - Adolfo Garcia & Jun (Victor) Lu
OSCAL in Action: Real World Examples of Automating Policy & Compliance - J. Power & H. Braswell
Threat Modeling for Kubernetes: Enhancing Security Posture in Complex and Regulated E... M. Coquerel
How Secure Is Academic Open Source? Insights From the UC OSPO Network - Juanita Gomez, UCSC
You Can Sign It, But Can You Trust It? Securing the Compilation Process - Yaxuan (Alice) Wen, NYU
Panel: Turn Down That Noise: Why the OpenSSF Security Baseline Is Good for Maintainers
Open Source SecurityCon | Welcome + Opening Remarks - John Kjell & Marina Moore
Driving Policy To Secure the Open Source Ecosystem - Jack Cable, Corridor
Lightning Talk: Where Should Source Attestations Live? Exploring Storage Strategies - Billy Lynch
Sponsored Keynote: Breaking Up with Long-lived Secrets: Secure Automation in the Modern... B. Lynch
Sponsored Keynote: The Long Arc of Digital Rights: Securing our Open Source Future - Emily Fox
Open Source SecurityCon | Closing Remarks - John Kjell & Marina Moore, Program Committee Co-Chairs
Lightning Talk: Moving Academia Toward Practice Through Accreditation - Justin Cappos, NYU
Spice Check: Building an E2E SLSA Implementation - Adolfo García Veytia, Carabiner Systems
The Whole Is Greater Than the Sum of Its Parts: A Case for Interoperable... H. Blauzvern & M. Melara
Dirty Dancing - Untrustworthy SLSA Build Provenance - John Kjell, ControlPlane
Securing Cloud-Native Workloads from the Metal Up - Tyler Schade, GEICO
Panel: Balancing Developer Freedom and Security - A. Mouat, C. Morris, G. Saxena, M. Eagan, A. Zenla
Who Let the Agents Out? Securing AI Workflows the Right Way - Mariusz Sabath & Maia Iyer, IBM
Lightning Talk: AIxCC Results and New Open Source AI Projects To Help Secure Open Sourc... J. Diecks
Achieving Positive Outcomes Across Ecosystems: Security Audits in Action - Amir Montazery
The State of Git Security With SLSA and Gittuf - Patrick Zielinski & Aditya Sirish A Yelgundhalli
Lightning Talk: Baking a Security Community From Scratch - Helen Woeste, OSTIF
Sponsored Keynote: Rethinking the Software Supply Chain: Trust, ...
Panel: What Do We Rely On in AI? Securing the Future: One Agent at a Time
Lightning Talk: Federate, Scale, and Secure: Practical SPIFFE/SPIRE for Containers, VMs... A. Telang
Applying DevSecOps Lessons To MLSecOps - Sarah Evans, Dell Technologies
What Doesn’t Kill You Makes You Stronger: The Vulnerabilities That Red... D. Serero & M. Katchinskiy