OpenSSF Celebrates Global Momentum, AI/ML Security Initiatives and Golden Egg Award Winners at Community Day Europe

Written by The Linux Foundation | Aug 28, 2025 7:00:00 AM

Foundation honors community achievements and strategic efforts to secure ML pipeline during community event in Amsterdam

AMSTERDAM – OpenSSF Community Day Europe – August 28, 2025 – The Open Source Security Foundation (OpenSSF), a cross-industry initiative of the Linux Foundation that focuses on sustainably securing open source software (OSS), presents the Golden Egg Award during OpenSSF Community Day Europe and celebrates notable momentum across the security industry. The Foundation’s milestones include achievements in AI/ML security, policy education, and global community engagement.

Golden Egg Award Recipients

OpenSSF continues to shine a light on those who go above and beyond in our community with the Golden Egg Awards. The Golden Egg symbolizes gratitude for recipients’ selfless dedication to securing open source projects through community engagement, engineering, innovation, and thoughtful leadership. This year, we celebrate:

  • Ben Cotton (Kusari) – for work on GUAC and the Open Source Project Security Baseline (OSPS Baseline)
  • Kairo de Araujo (Eclipse Foundation) – for maintaining RSTUF and participation in the Securing Software Repositories Working Group
  • Katherine Druckman (Independent) – for dedication to community growth and developer relations (DevRel)
  • Eddie Knight (Sonatype) – for advancing OSPS Baseline and creating project courses that strengthen open source security education
  • Georg Kunz (Ericsson) – for leadership and contributions within the Best Practices Working Group

Achievements and Milestones

OpenSSF is supported by more than 118 member organizations and 1,519 technical contributors across OpenSSF projects, serving as a vendor-neutral partner to affiliated open source foundations and projects. As securing the global technology infrastructure continues to get more complex, OpenSSF will remain a trusted home to further the reliability, security, and universal trust of open source software.

Over the past quarter, OpenSSF has made several key achievements in its mission to sustainably secure open source software, including:

  • The release of a whitepaper by the AI/ML Security Working Group on securing the AI lifecycle, which maps OWASP ML Top 10 threats to MLOps stages and highlights tools like Sigstore and OpenSSF Scorecard.
  • Success at the AI Cyber Challenge (AIxCC) at DEF CON. OpenSSF participated as a challenge advisor and will be working with DARPA and ARPA-H to open source the winning systems, infrastructure, and data from the competition.
  • Co-launching the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families.
  • Publishing the Cyber Resilience Act (CRA) Brief Guide for OSS Developers, a practical overview to help open source maintainers and contributors understand when CRA requirements apply, what obligations exist, and how to prepare — paired with the free express course Understanding the EU Cyber Resilience Act (CRA) (LFEL1001) for those who want deeper learning and a digital badge.
  • Co-launching the Global Cyber Policy Working Group to collaborate on global cybersecurity-related legislation, frameworks, and standards that facilitate conformance to regulatory requirements by open source projects and their consumers, with an initial focus on the EU's CRA legislation.

“Securing the AI and ML landscape requires a coordinated approach across the entire pipeline,” said Steve Fernandez, General Manager at OpenSSF. “Through our MLSecOps initiatives with OpenSSF members and policy education with our communities, we're giving practitioners and their organizations actionable guidance to identify vulnerabilities, understand their role in the global regulatory ecosystem, and build a tapestry of trust from data to deployment.”

Global Community Engagement

OpenSSF continues to expand its influence on the international stage. OpenSSF Community Days drew record attendance globally, including standing-room-only participation in India, strong engagement in Japan, and sustained presence in North America.

Supporting Quotes

“As AI and ML adoption grows, so do the security risks. Visualizing Secure MLOps (MLSecOps): A Practical Guide for Building Robust AI/ML Pipeline Security is a practical guide that bridges the gap between ML innovation and security using open-source DevOps tools. It’s a valuable resource for anyone building and securing AI/ML pipelines.” Sarah Evans, Distinguished Engineer, Dell Technologies 

“The whitepaper distills our collective expertise into a pragmatic roadmap, pairing open source controls with ML-security threats. Collaborating through the AI/ML Security WG proved that open, vendor-neutral teamwork can significantly accelerate the adoption of secure AI systems.” Andrey Shorov, Senior Security Technology Specialist at Product Security, Ericsson

"The Cybersecurity Skills Framework is more than a checklist — it’s a practical roadmap for embedding security into every layer of enterprise readiness, open source development, and workforce culture across international borders. By aligning skills with real-world global threats, it empowers teams worldwide to build secure software from the start." Jamie Thomas, Chief Client Innovation Officer and the Enterprise Security Executive, IBM 

“Open source is global by design, and so are the challenges we face with new regulations like the EU Cyber Resilience Act,” said Christopher “CRob” Robinson, Chief Security Architect, OpenSSF. “The Global Cyber Policy Working Group helps policymakers understand how open source is built and supports maintainers and manufacturers as they prepare for compliance.”

“The OpenSSF's brief guide to the Cyber Resilience Act is a critical resource for the open source community, helping developers and contributors understand how the new EU law applies to their projects. It clarifies legal obligations and provides a roadmap for proactively enhancing their code's security.” Dave Russo, Senior Principal Program Manager, Red Hat Product Security

Events and Gatherings

New and existing OpenSSF members are gathering this week in Amsterdam at the annual OpenSSF Community Day Europe.

OpenSSF will continue its engagement across Europe this fall with participation in the Linux Foundation Europe Member Summit (October 28) and the Linux Foundation Europe Roadshow (October 29), both in Ghent, Belgium. At the Roadshow, OpenSSF will sponsor and host a dedicated track building on last year’s standing-room-only CRA workshop. On October 30, OpenSSF will co-host the European Open Source Security Forum with CEPS in Brussels, bringing together open source leaders, European policymakers, and security experts to collaborate on the future of open source security policy. A landing page for this event will be available soon; check the OpenSSF events calendar for updates and registration details.

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry organization at the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at openssf.org.

###

Media Contact

Grace Lucier
The Linux Foundation
pr@linuxfoundation.org