Company
Date Published
Author
Ciara Carey
Word count
2628
Language
English
Hacker News points
None

Summary

The Open Source Security Foundation (OpenSSF) is a cross-industry forum working to improve the security of open source software (OSS). To address the security problems in OSS, OpenSSF aims to support maintainers, improve security policies for public repositories, remove or tag malicious projects, and promote the adoption of security tooling and practices. Cloudsmith, a company providing tools for securing software supply chains, has integrated with Sigstore's Cosign for artifact signing and verification and is aligning with OpenSSF initiatives to help customers secure their OSS dependencies and supply chains. The Alpha-Omega Project, funded by Microsoft and Google, aims to improve software supply chain security by engaging software security experts directly with critical projects and by applying automated security testing. Other OpenSSF projects include Software Bill of Materials (SBOM) tooling; Scorecards, which runs automated security checks against open source repositories; SLSA (Supply-chain Levels for Software Artifacts), a framework for hardening the software supply chain; and the Great MFA Distribution Project, which provides hardware multi-factor authentication tokens to OSS developers.