CRob

Results 127 comments of CRob

It was discussed in the WG today that we may wish to search to see if any existing art or docs exist on this to kickstart our efforts. The team...

We have this previous issue we may want to merge here https://github.com/ossf/wg-vulnerability-disclosures/issues/100

CPE is a requirement for commercial vendors to supply, so a group of us will always have to deal with it and its progeny. It looks like CPE will be...

For a very good timeline on the incident: https://boehs.org/node/everything-i-know-about-the-xz-backdoor

https://github.com/giuliacassara/awesome-social-engineering
https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html
https://www.knowbe4.com/what-is-social-engineering/

https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html

> Seems the document was not merged, reopening it correct, waiting for WG folks to review and comment

Discussed at 15 May call with group. Will merge now.

This is something Red Hat has done for upstream projects for about two decades (as do my pals at Canonical and SUSE since we're CNAs). We have assisted in multiple...

> I align pretty heavily with @Foxboron and @JasonKeirstead, here.
>
> > There is a security framework built around having one agreed upon way to communicate vulnerabilities. Linux distribution,...