🔐 Security is everyone’s business. At Open Source #SecurityCon (Nov 10 in Atlanta) you’ll dig into supply chain security, secure dev practices, identity, policy, and more. Grab your All-Access Pass for #KubeCon + #CloudNativeCon and get access to this + all CNCF-hosted co-los.

Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies. 📅 Tue, Nov 11, 2025 🕑 2:00–5:00 PM 📍 Building B | Level 2 | Room B213

Hedera’s Hashgraph replaces blockchain’s linear chain of blocks with a Directed Acyclic Graph (DAG), where transactions confirm each other asynchronously, similar to how news spreads by word of mouth The result: parallel consensus, sub-second finality, high throughput & low fees

How can open source maintainers prove their project’s security posture? 💬 Learn about the OSPS Baseline in our latest What’s in the SOSS? discussion with Ben Cotton & Eddie Knight. https://t.co/TEaukc4BHl #OpenSSF

ICYMI 👻 Attackers are using AI… and it’s spooky. Great insights from Hugo Huang + @Canonical on why securing AI is the next battleground and how open source helps. Read more 👉 https://t.co/8j0my09J7B #OpenSSF

🚨 Zarf Tech Talk happening next Thursday 2PM ET! Join experts from Defense Unicorns, Sonatype, and Boeing next week too see how #Zarf keeps #Kubernetes and cloud-native workloads running smoothly in air-gapped environments. Register: https://t.co/pp8uQxjrvF

Catch all the action and excitement: NWA on Roku airs for free every Tuesday on Roku Sports at 8 pm ET with replays on Tuesday at 11:00 PM ET / 8:00 PM PT, Saturday afternoons, + on demand.

Stay informed in the fast-moving world of open source security. The October #OpenSSF Newsletter covers AI security, SBOM evolution, Scorecard improvements, and upcoming events built for developers. Read the full update: https://t.co/134MBWhTOi

📣 Our next Tech Talk is around the corner. Hear from experts from Defense Unicorns, Boeing, and Sonatype as they talk about how OpenSSF project #Zarf simplifies software delivery in disconnected or semi-connected environments. 📅 Sign-up now: https://t.co/pp8uQxjrvF #openssf

Join us at #PyTorchConference TODAY for a Birds of a Feather session: Applying DevSecOps Lessons to MLSecOps. Who's speaking: • Jeff Diecks, Technical Project Manager, OpenSSF • @mihaimaruseac, Staff Software Engineer, Google https://t.co/W7LAClz4dx

The global push for #SBOM standards is reshaping how we approach cybersecurity and transparency. 🌍 Explore how the EU #CRA, CISA, and @OpenSSF efforts are aligning global software supply chain security. https://t.co/QLqA6gXyQl

💬 “You are not alone. It’s totally OK to ask for help.” — Seth Larson In this week’s What's In the SOSS podcast, Seth Larson joins host Yesenia Yser to talk about trust, maintainers, and building security together. 🎧 Listen: https://t.co/FIghDf7HZf #OpenSSFCommunity

❓What’s new in the #OSPS Baseline? The latest release (v2025-10-10) refines guidance across access control, build & release practices, and documentation, making it easier for maintainers to adopt and demonstrate strong security practices. https://t.co/dhzTnPlzP9

💚 #OSS thrives when communities are welcoming and inclusive. Listen to the latest GR-OSS OUT Podcast from G-Research, Tabatha DiDomenico & Stacey Potter from OpenSSF 🎧

🚀 Ready to build software securely in the age of #AI? AI code assistants can boost productivity, but they can also introduce real security risks. Earn your digital badge in just one hour and write safer, smarter code. 📘 https://t.co/h2k7ItzIgH 👉 https://t.co/G2RXddSp6J

42 is the answer to life, the universe… and everything. For #OpenSSF, it’s the answer to secure AI development. Listen to What’s in the SOSS? Episode #42 ft. David A. Wheeler + the launch of LFEL1012 🎧 Listen → https://t.co/sIrTa1ZURm 🎓 Enroll → https://t.co/NMsj8Yft0I

🎉 The new #Sigstore Rekor transparency log public dataset is now available on BigQuery! This dataset makes it easier for researchers to analyze software signing trends & understand how artifacts are signed across the open source ecosystem. 🔗Read: https://t.co/pwurRUcER0

Heading to #PyTorchCon 2025? Don’t miss our BoF on Applying DevSecOps Lessons to MLSecOps (Oct 23 | 10:30 AM PDT). Join Jeff Diecks + @MihaiMaruseac as we explore secure AI/ML development with the OpenSSF AI/ML Security WG. 👉 https://t.co/ycx2F0K6Pu

The @OSTIFofficial recently completed a security audit of #OpenSSFScorecard. With support from the OpenSSF, this audit covered five core repositories and included threat modelling, manual code review, and fuzz testing. . Read to learn more:🔗 https://t.co/Ef7r5U4ERT

Financial services run on open source, and #OpenSSF is helping make it more secure. At #OSFF, our community is leading sessions on: 🔹 OSPS Baseline 🔹 CVE & vulnerability data 🔹 AI security 📖Read the blog: https://t.co/szTmnvzJXW

Security is no longer optional -- it’s essential. Join us at #OpenSource SecurityCon (co-located with #KubeCon + #CloudNativeCon North America 2025) to learn, connect & collaborate on the future of secure software. Read more 👇 🔗 https://t.co/iwdFKoXqng

New #podcast episode 🎙️ AI agents are changing the game for open source security. CRob talks with John Amaral of https://t.co/HuHYHPsYzS about the shift from scanning to fixing first. Listen → https://t.co/dNduNiuqUX

Register: https://t.co/oTP55HOS1N