The OpenSSF April 2026 newsletter covers community updates including the upcoming Community Day North America on May 21 in Minneapolis, new frameworks to modernize Third-Party Notices and SBOMs into machine-readable security intelligence, and runtime context approaches to reduce vulnerability alert fatigue by focusing on the ~15% of CVEs actually loaded in production. Key project milestones include the Gemara v1.0.0 release and Security Slam 2026, which recognizes projects meeting rigorous security baselines. The newsletter also highlights the OSS-CRS project joining OpenSSF from DARPA's AI Cyber Challenge, the SAFE-MCP threat catalog for securing agentic AI, Alpha-Omega security audits for PyPI, Hex, and RubyGems, and ongoing EU Cyber Resilience Act (CRA) readiness work for open source maintainers.

6m read time. From openssf.org
Table of contents
What’s in the SOSS? An OpenSSF Podcast:
News from OpenSSF Community Meetings and Projects:
In the News:
Meet OpenSSF at These Upcoming Events!
See You Next Month!
