#osssecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #osssecurity, aggregated by home.social.
-
Forgot your root password? No problem! With #PackageKit <= 1.3.4 you can do all the fun root action on any Linux system you have local access to, no privileges required!
Don't like that? Then PLEASE UPDATE your system ASAP to PackageKit >= 1.3.5 or any fixed distro package. Fixes for this vulnerability should already be available everywhere since today.
You can read more about CVE-2026-41651 on the security researcher's blog:
https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html -
#AgenticAI is moving fast -- but is it secure? 🤖🔐
📅 Join us for an OpenSSF Tech Talk on the practical realities of securing agentic systems on March 17, 1PM ET!
Hear from experts from Microsoft, Canonical, TestifySec, and Thread AI!
-
Think you need special permission to contribute to OpenSSF? Think again. ❌
#OSSSecurity thrives on diverse perspectives. Whether you’re into AI/ML security, policy, or dev best practices, there’s a seat at the table for you. 🪑
-
Package repository security impacts every OSS ecosystem. 🔐
OpenSSF convened npm, PyPI, Maven Central, RubyGems, crates.io & more to tackle shared challenges -- from identity to governance and sustainability.
Read: https://openssf.org/blog/2026/02/19/advancing-package-repository-security-through-collaboration/
-
Open Source #SecurityCon Europe 2026 is heading to Amsterdam 🇳🇱
This blog highlights speakers & perspectives from across the OpenSSF community, all bringing hands-on experience from production environments.
Read the blog: https://openssf.org/blog/2026/02/03/join-us-at-open-source-securitycon-europe-2026-in-amsterdam/
-
OpenSSF community will be at #FOSDEM2026 this week, bringing practical perspectives on CRA readiness, vulnerability intelligence, SBOMs, and software supply chain security 🔐
Read the blog and find out where to find us & what not to miss: https://openssf.org/blog/2026/01/28/openssfatfosdem/
-
🎉 We’re excited to share a new blog introducing OSSAfrica, an OpenSSF community-led initiative focused on strengthening open source security across Africa by bringing people together across roles, experience levels, and geographies.
-
🎉 OpenSSF’s 2026 Themes are here, and so is Honk’s 2026 Vision Board, inspired by our new blog post that outlines the community roadmap for securing the future of open source!
Read the blog & see how themes align with our 2026 priorities: https://openssf.org/blog/2026/01/15/openssfs-2026-themes-a-community-roadmap-for-securing-the-future-of-open-source/
-
Conference badges can mean more than a name 🎟️
Madalin shares what it has meant to represent the Open Source Security Foundation and The Linux Foundation across Europe 🌍 from #opensource events to policy rooms and standards discussions.
Read the story: https://openssf.org/blog/2026/01/09/collecting-badges-building-bridges-representing-openssf-and-linux-foundation-across-europe/
-
🎙️ "What's in the SOSS?" Podcast Season Finale is live!
Join co-hosts CRob & Yesenia for a special season finale celebrating OpenSSF’s 5th anniversary, & a look back at a truly transformative year for open source security. 🛡️
-
🎉 The 2025 OpenSSF Annual Report has officially arrived!!!
We invite you to celebrate another year of progress, creativity, and collaboration shaping a safer, more resilient open source community.
Download the report: https://openssf.org/download-the-2025-openssf-annual-report/
-
🌟 New OpenSSF Project Spotlight 💃
In this interview, SLSA Steering Committee member Tom Hennen (Google) breaks down how SLSA is helping organizations strengthen trust across the software supply chain.
Watch the full Project Spotlight:
🔗 https://www.youtube.com/watch?v=gdYlSuH5Srs -
Last week at #KubeCon, Stacey and Adolfo delivered one of the most memorable and entertaining keynotes.
This recap breaks down what happened on stage and why it captured so much attention across the conference. Read now: https://openssf.org/blog/2025/11/19/kubecon-keynote-recap-supply-chain-reaction-and-why-the-osps-baseline-matters-more-than-ever/
-
💬 Last month, @linuxfoundation Europe, OpenSSF, and CEPS brought the open source community together in Ghent and Brussels for a full week of conversations on security, collaboration, and Europe’s digital future.
Read the recap: https://openssf.org/blog/2025/11/17/recap-open-source-security-week-in-belgium-highlights-from-ghent-to-brussels/
-
Join us at #KubeCon for a deep-dive on SBOMit -- a build-time technique for generating in-toto attestations and using them to produce SBOMs that don’t miss dependencies.
📅 Tue, Nov 11, 2025
🕑 2:00–5:00 PM
📍 Building B | Level 2 | Room B213 -
🚆 From Ghent to Brussels!
At the end of October, OpenSSF, the Linux Foundation, and Linux Foundation Europe will host three gatherings advancing security, policy, and collaboration across Europe’s open source ecosystem.
👉 Learn more: https://openssf.org/blog/2025/09/19/from-ghent-to-brussels-openssfs-week-of-policy-and-security-in-europe/
-
On August 15, GitHub’s Open Source Friday spotlighted the OpenSSF Global Cyber Policy WG in a live session hosted by Kevin Crosby, GitHub.
📖 Read the recap blog, watch the replay, and explore ways you can join the conversation: https://openssf.org/blog/2025/09/11/open-source-friday-with-openssf-global-cyber-policy-working-group/
-
🌏 #India is rapidly climbing the charts in OSS contributions. But as Ram Iyengar notes, “They were doing all of this with zero awareness of security.”
Learn how OpenSSF's building India's #OSSSecurity community: https://openssf.org/blog/2025/07/21/building-indias-open-source-security-community-join-us-in-hyderabad/
Join us: https://events.linuxfoundation.org/openssf-community-day-india/register/
-
Welcome to the OpenSSF family, OpenBao Project! 🎉
#OpenBao is a new sandbox project focused on secure secrets and encryption management—originally forked from Vault & now evolving to serve open source communities even better.
Read the blog: https://openssf.org/blog/2025/06/17/openbao-joins-the-openssf-to-advance-secure-secrets-management-in-open-source/
-
🚨 It’s happening at 1PM ET—don’t miss it!
🎙️ CRA-Ready: How to Prepare Your Open Source Project for EU Cybersecurity Regulations
🔗 Register now: https://openssf.org/resources/tech-talks/tech-talk-cra-ready/
📍 Where: Zoom!
What does the EU’s #CRA mean for open source—and how can your project stay ahead?
-
🚨 CI/CD attacks are on the rise.
New blog breaks down recent tj-actions & reviewdog breaches—and offers practical tips for hardening GitHub Actions workflows.
A must-read for open source maintainers: https://openssf.org/blog/2025/06/11/maintainers-guide-securing-ci-cd-pipelines-after-the-tj-actions-and-reviewdog-supply-chain-attacks/
-
🧰 #SBOMs are the foundation of understanding your software supply chain, but picking the right tool can be tricky. In a new blog post, Nathan walks through key SBOM generation tools—from single-language options to multi-language solutions like cdxgen, syft, and tern.
Read the guest blog: https://openssf.org/blog/2025/06/05/choosing-an-sbom-generation-tool/
-
There’s still time to submit your talk for #OpenSSFCommunity Day Europe, happening on 28 August in Amsterdam! 🇳🇱
🗓️ CFP closes 26 May at 23:59 CEST
📖 Read the blog: https://openssf.org/blog/2025/05/09/call-for-proposals-for-openssf-community-day-europe-open-through-26-may-2025/
🎤 Submit your proposal now: https://events.linuxfoundation.org/openssf-community-day-europe/program/cfp/ -
🚨 Last chance to submit your talk!
The CFP for #OpenSSFCommunity Day India closes May 4 (Sunday).
Join us in Hyderabad for a day focused on open source security 🔐
🎤 Submit your proposal now: https://events.linuxfoundation.org/openssf-community-day-india/program/cfp/
-
⏰ Last call! The #RustConf 2025 CFP closes today!
Join us in beautiful #Seattle — or online — for 2+ days of Rust programming talks, hands-on workshops, UnConference sessions, and more.
Submit your proposal now: https://sessionize.com/rustconf-2025
-
📣 Excited to host the OpenSSF #OSSSecurity Meetup May 20 at Fujitsu Yokohama Hub!
Topics: #SBOM Everywhere, Security Tooling WG, #CRA deep dive.
Seats limited — register by May 19! 🔗 https://www.linuxfoundation.jp/events/2025/04/oss-security-meetup-at-fujitsu-yokohama-hub-on-may-20/ -
The #OpenSSF Memory Safety SIG just released the #MemorySafety Continuum!
Practical steps to tackle memory safety risks and strengthen #OSSSecurity — no matter where you are today.
👉 Read more: https://openssf.org/blog/2025/04/28/announcing-the-release-of-the-memory-safety-continuum/ -
🌟 Community Day India is back! 🌟
Co-located with #KubeCon India, this is your chance to engage with the brightest minds in software security.
🎤 Submit your proposal by Sunday, April 27.
https://events.linuxfoundation.org/openssf-community-day-india/
#OpenSSF #OpenSSFCommunity #OSSSecurity -
⏪ OpenSSF had a strong presence at #FOSDEM 2025, from the Global Cybersecurity Legislation Preparedness Initiative to SBOMs, supply chain security & compliance.
Read the event recap: https://openssf.org/blog/2025/02/27/fosdem-2025-openssf-community-wrap-up/
#OSSSecurity -
📣 KCD New York 2025 is calling on security experts to share their insights on securing cloud-native technologies!
📅 CFP Closes: Friday, Feb 28, 2025, at 11:59 PM EST
📢 Submit now: https://sessionize.com/kcd-new-york-2025/ -
🛡️ Over 90% of modern apps rely on open source components, but are they secure?
The #OpenSSFScorecard helps assess #OSSsecurity yet adoption is uneven. A centralized dashboard like Ortelius could change the game.
-
📅 Towards the end of 2024, OpenSSF proudly hosted the inaugural #SOSSCommunity Day India, and we’re excited to share that it was a tremendous success!
👉 Check out the wrap-up blog to relive the highlights and explore the key takeaways. https://openssf.org/blog/2025/01/03/soss-community-day-india-2024-wrap-up/
#OpenSSF #OSS #OSSSecurity #OpenSource #supplychainsecurity #Cybersecurity
-
👏 That's a wrap for our first SOSS Community Day in India! 🎉 Thanks to the community for sharing your insights and expertise on #OSSSecurity. As we close out our 2024 events, we’re excited for what’s to come in 2025! 🚀
#SOSSCommunity -
💡 Engage, Learn, Innovate!
Join us at #SOSSCommunity Day India to explore cutting-edge solutions for open source security. With sessions on education, tooling, and innovation, it’s the place to connect with experts and potential collaborators. -