Jan 21, 2026 In Alpha-Omega, Events, FOSDEM, FOSDEM-2026, Grants, Open Source Software, Security

Alpha-Omega at FOSDEM 2026: Confronting the Economics and Reality of Open Source Security

Every year, FOSDEM brings together the people who build, maintain, and depend on open source software. It is a place where hard technical problems meet…

Dec 19, 2025 In Ada Logics, Alpha-Omega, open source AI security, OSTIF

The Open Source AI Series: A security health check of 25 popular open source AI/LLM projects: Findings and lessons learned

Alpha-Omega partnered with Ada Logics and OSTIF to audit 25 widely used open source AI and LLM projects. This post shares key findings, common security…

Nov 24, 2025 In Beach Cleaning Initiative, FreeBSD Foundation, Open Source Security, software supply chain security

Strengthening FreeBSD’s Software Supply Chain: Year Two of Alpha-Omega Support

Alpha-Omega’s second year of support for the FreeBSD Foundation focuses on strengthening the security and maintenance of third party dependencies, advancing SBOM work for the…

Nov 21, 2025 In ecosystem analysis, Open Source Security, package manager data, Software Supply Chain

Documenting Package Manager Data: Insights from ecosyste.ms

ecosyste.ms released new open datasets documenting how 70+ package managers structure metadata, manifests, lockfiles, and registry APIs. This work helps strengthen software supply-chain security and…

Oct 29, 2025 In Alpha-Omega, archive security, Python packaging, Seth Larson, software supply chain security

Slippery Zips and Sticky Tar-Pits: Security and Archives | White Paper by: Seth Larson – Python Software Foundation

This new white paper from Seth Larson of the Python Software Foundation explores how legacy archive formats like ZIP and tar introduce security risks, and…

Oct 21, 2025 In Apache Trusted Releases, Cyber Resilience Act, SBOM

Apache Trusted Releases platform begins second Alpha

Apache Trusted Releases platform begins second Alpha — October 20, 2025 The Apache Software Foundation (ASF) Tooling team advances the Apache Trusted Releases (ATR) platform…

Oct 15, 2025 In Alpha-Omega, Cyber Resilience Act, Open Source Security, OpenRefactory, VEX

How I Learned to Stop Worrying and Love the VEX

Written by Piotr P. Karwasz of the Apache Log4j PMC and OpenRefactory collaborator, this post explores how Vulnerability Exploitability eXchange (VEX) files help determine whether…

Sep 30, 2025 In crates.io, Open Source Security, Rust Foundation, Software Supply Chain, Trusted Publishing

Trusted Publishing: Secure Rust Package Deployment Without Secrets

by Tobias Bieniek: Rust Foundation In April 2025, I began working on what would become one of the most significant security improvements to come to…

Sep 23, 2025 In Alpha-Omega, Maintainers, Open Source, OS Sustainability

Alpha-Omega Endorses the Joint Statement on Sustainable Stewardship

Open source powers the modern software ecosystem, but its foundation is fragile. Package registries and their surrounding infrastructure are the backbone of the open source…

Sep 15, 2025 In Alpha-Omega, Open Source, OSTIF

OSTIF 2025 Alpha-Omega Partnership Updates and Roadmap

By OSTIF Marketing and Community Manager Helen Woeste Sourcing funding is one of the biggest challenges Open Source Technology Improvement Fund (OSTIF) faces as a…

1 2 3 4 Next →

PRESS RELEASE

Nov 1, 2023

OpenJS Foundation Warns Consumer Privacy and Security at Risk in Three-Quarters of a Billion Websites

OpenJS Foundation reports poor security practices across industries in North America, UK and Europe SAN FRANCISCO – November 1, 2023 – Global web infrastructure is in…

BLOG

PRESS RELEASE