OpenSSF Community Day Europe: Celebrating Achievements in Open Source Security
On August 28, 2025, the Open Source Security Foundation (OpenSSF) hosted its Community Day Europe in Amsterdam, showcasing the significant strides made in the realm of open-source security, specifically focusing on AI/ML initiatives. This event served as a platform to honor outstanding contributors through the prestigious Golden Egg Awards, which symbolize recognition for those going above and beyond in securing essential open-source projects.
Honoring the Golden Egg Award Recipients
The Golden Egg Awards highlighted the selflessness and dedication of individuals who have made notable contributions to the open-source community. Among this year's recipients were:
- Ben Cotton (Kusari) for his work on GUAC and the OSPS Baseline.
- Kairo de Araujo (Eclipse Foundation), recognized for maintaining RSTUF and involvement in security working groups.
- Katherine Druckman, acclaimed for her commitment to community development and developer relations.
- Eddie Knight (Sonatype), honored for advancements in OSPS Baseline and promoting security education.
- Georg Kunz (Ericsson), acknowledged for leadership in the Best Practices Working Group.
These awards underscore the essential role these individuals play in enhancing the security landscape of open-source software.
Major Achievements in AI/ML Security
The OpenSSF has reported several key milestones as part of its ongoing mission to bolster open-source security. Some of these accomplishments include:
1. Whitepaper Release: The AI/ML Security Working Group published a whitepaper detailing how to secure the AI lifecycle. It maps out the OWASP ML Top 10 threats across MLOps stages and introduces tools like Sigstore and OpenSSF Scorecard.
2. AI Cyber Challenge Success: OpenSSF participated in the AI Cyber Challenge (AIxCC) at DEF CON, acting as an advisor and planning to collaborate with DARPA and ARPA-H to open source the winning systems.
3. Cybersecurity Skills Framework Launch: This framework serves as a global reference that helps organizations navigate essential cybersecurity competencies across various IT job roles.
4. Cyber Resilience Act Guide for OSS Developers: This guide illuminates when CRA requirements apply to open-source maintainers and lays out their obligations, complete with a free online course for deeper understanding.
5. Global Cyber Policy Working Group: To address and collaborate on global cybersecurity legislation, this new initiative focuses initially on the EU's Cyber Resilience Act regulations.
Strengthening Global Community Engagement
OpenSSF's influence continues to spread internationally, with Community Days engaging record numbers of participants. The events have seen strong turnout in various countries, highlighting the growing importance of open-source security work that is geared toward community involvement.
The organization is proactively expanding its reach not just in Europe but worldwide, demonstrating the need for collective responsibility in security practices that affect all users and contributors to open-source software.
Moving Forward
As the complexities of securing global technology infrastructure grow, the OpenSSF remains committed to being a dependable ally in ensuring the reliability and security of, and universal trust in, open source software. With its continuous efforts in community engagement, it is not only addressing current challenges but also paving the way for future standards in software security.
Steve Fernandez, General Manager at OpenSSF, emphasized the necessity for a collaborative approach to secure AI and ML landscapes, asserting, "With our MLSecOps initiatives and community policy education, we provide practical tools and guidance to organizations, enabling them to identify vulnerabilities and forge a strong sense of trust throughout the technology deployment process."
By valuing both security education and community involvement, OpenSSF is positioned to lead the charge in ensuring the safety and integrity of open-source projects globally.
For anyone involved in open-source software, staying informed and engaged with organizations like OpenSSF not only enhances security awareness but also contributes to a safer digital world.
Future Events and Their Impact
OpenSSF will host further engagements this fall, including participation in the Linux Foundation Europe Member Summit and Roadshow, both set to occur in Ghent, Belgium. These events are critical opportunities for collaboration among open source leaders, policymakers, and security experts, all aimed at progressing the dialogue around open-source software security. As each event unfolds, the steadily rising attendance signals a strong commitment from the community to tackle the evolving security landscape together.