
We love open-source cybersecurity projects. From foundational tools like Nmap to modern frameworks like Semgrep, open-source initiatives have been consistent drivers of innovation; and they’ve enhanced transparency and fostered collaboration along the way.
Over the last few years, open-source projects haven’t just kept pace with evolving cyber threats – they’ve often been at the forefront of developing the most robust security solutions available today.
When we spoke to open-source advocate Paulino Calderon (Co-Founder of Websec), he summed up the essence of open-source collaboration:
“I genuinely believe in the power behind the democratisation of knowledge. I joined a program sponsored by Google that gave funds to open-source projects, and the infamous port/service scanner Nmap took me under its wing. I learned much from collaborating with people worldwide and sharing contributions with millions of users.”
Calderón's journey is evidence of how open-source platforms can serve as incubators for talent and innovation – enabling individuals to contribute to tools that benefit the global community.
In February 2025, the Open Source Security Foundation (OpenSSF) introduced the Open Source Project Security Baseline (OSPS Baseline). This framework offers a structured set of security requirements aligned with international standards, aiming to bolster the security posture of open-source software projects. By providing actionable guidance, the OSPS Baseline empowers developers to enhance their projects' security, fostering a more resilient open-source ecosystem.
Semgrep, an open-source static analysis tool, has gained prominence for its ability to identify security vulnerabilities in codebases. In early 2025, Semgrep secured USD $100 million in Series D funding to further develop its AI capabilities and expand its reach (as reported by The Wall Street Journal). While transitioning some advanced features to a paid model, Semgrep is committed to its open-source roots – making sure that individual developers continue to benefit from its core functionalities.
To address the growing concern of supply chain attacks, Chainguard introduced Wolfi – a Linux distribution designed to enhance software supply chain security. As reported by Wired, Wolfi meticulously verifies and catalogs every component in software containers, to provide enterprises with a robust foundation to build secure applications. This initiative aligns with broader efforts to fortify the software development lifecycle against potential threats.
Beyond tool development, open-source projects play an important role in cybersecurity education. Resources like the OWASP Web Security Testing Guide, for example, offer comprehensive insights into application security – an invaluable reference for both new practitioners and seasoned professionals.
Any knowledge that’s freely accessible, and that welcomes open-source input, helps to foster a culture of continuous learning and improvement in the field of cybersecurity. And that’s absolutely essential if we want to maintain a flow of engaged, ambitious, curious and creative talent into this sector.
To put it bluntly, the importance of open-source contributions in cybersecurity can’t be overstated. Collaborative efforts, transparency, and shared knowledge are absolutely necessary for building resilient security infrastructures.
When we embrace and support open-source initiatives, we enhance our collective defense mechanisms and create the potential for more advanced security measures to arise from shared knowledge.
Calderon put it like this:
“Together, we can make significant strides toward a future where technology serves as a bridge rather than a barrier, connecting us in our shared pursuit of progress.”
And it’s true: the collaborative spirit of the open-source community continues to be a beacon of innovation and resilience in the ever-evolving realm of cybersecurity.