IT Brief Ireland - Technology news for CIOs & IT decision-makers

OpenSSF adds five members & new security resources

Thu, 21st May 2026
Sofiah Nichole Salivio, News Editor

The Open Source Security Foundation has added five new members and reported new technical resources and community programmes.

ActiveState, Aikido, Minimus and TuxCare joined as General Members, while FreeBSD Foundation joined as an Associate Member. The new members will take part in working groups and technical initiatives that help shape the foundation's direction.

The membership update came alongside broader developments across the organisation's policy, tooling and education work. These include new guidance tied to the European Union Cyber Resilience Act, a Python secure coding guide, an AI security book produced with the Cloud Native Computing Foundation, and the first intake for an ambassador programme.

The Open Source Cyber Reasoning System, or OSS-CRS, has also entered the foundation's sandbox as a new project focused on AI-driven automated vulnerability finding and patching.

The addition reflects growing attention on software supply chain security and the role of artificial intelligence in identifying and managing weaknesses in open source code. Recent work at OpenSSF has also been shaped by rising security requirements and pressure to align organisations and countries around shared standards.

Steve Fernandez, General Manager of OpenSSF, linked the latest changes to those broader shifts in the security landscape.

"As the threat landscape for software supply chains becomes more complex, the need for community-driven security standards has never been more urgent," Fernandez said.

"The growth we're seeing in our membership and the arrival of projects like OSS-CRS show that security is an important priority for all. The OpenSSF is providing the practical tools and guidance developers need to build more resilient software," he said.

Policy and guidance

Among the resources highlighted was a roadmap from the Global Cyber Policy Working Group, intended to help maintainers and stewards understand global regulation, including the European Union Cyber Resilience Act.

OpenSSF also published version 1.0.0 of its Secure Coding Guide for Python through the BEST Working Group. The guide sets out anti-patterns and compliant code examples designed to reduce common vulnerabilities.

Another release focused on artificial intelligence and open source security. Produced with the Cloud Native Computing Foundation, the book covers how maintainers, security engineers and researchers can handle AI-generated contributions and use AI in security work.

Community programmes

The organisation has selected eight mentees for its summer mentoring programme. They will work on Repository Service for TUF, gittuf, SBOMit and Minder.

OpenSSF also introduced the first cohort of its ambassador programme, made up of 13 community leaders. The group is intended to spread security practices more widely across the open source ecosystem.

In a separate update, Security Slam 2026 concluded with dozens of open source projects reaching the Open Source Project Security Baseline and publishing their first formal threat models.

New members

The organisations joining the foundation framed their membership as a way to take part more directly in industry-wide open source security work.

"The Linux Foundation and OpenSSF are where the serious work on open source security gets done. No single organization secures the software supply chain alone. Thirty years of building secure open source infrastructure is what we bring to that work, and that work is better done together," said Abby Kearns, Chief Executive Officer of ActiveState.

"Open source software is the foundation of modern software development, and supporting that ecosystem has always been core to Aikido's mission. Through projects like Safe Chain, Zen Firewall, OpenGrep, and BetterLeaks, we're investing in practical, community-driven security tooling that helps developers build and ship software with speed, trust and confidence. We believe securing open source is a shared responsibility, and we're proud to contribute technologies that make the broader ecosystem safer and more resilient for everyone," said Willem Delbare, Founder and Chief Executive Officer of Aikido Security.

FreeBSD Foundation pointed to the role of widely used infrastructure software in the broader security debate.

"As a critical component of the global digital infrastructure, we believe FreeBSD must be part of the security discussions shaping the future of open source. Joining the OpenSSF will enable us to collaborate with others to help protect the software the world depends on," said Deb Goodkin, Executive Director of FreeBSD Foundation.

Minimus and TuxCare also stressed collective responsibility for strengthening open source security.

"Minimus is proud to join OpenSSF and work alongside its other members to help secure the open source ecosystem that allows us all to thrive. Enabling developers to build on open source components while keeping security teams happy is central to our business, and we intimately understand the responsibility we all share in achieving that goal," said Kat Cosgrove, Head of Developer Advocacy at Minimus.

"TuxCare is pleased to be joining OpenSSF and the cross-industry effort to strengthen open-source security. For more than a decade, we've worked to keep open source secure and reliable in enterprise production over the long term. We see that kind of sustained reliability as essential to the trusted, secure open-source ecosystem OpenSSF envisions," said Igor Seletskiy, Chief Executive Officer of TuxCare.