CRob
**Question** Hello! My name is CRob and I work with the Developer Best Practices Working Group of the Linux Foundation's Open Source Security Foundation (OpenSSF) "Great Multi-Factor Authentication (MFA) Distribution...
The TAC shall create simple, accessible guidelines to help empower our communities to understand what tools and channels are available, how best to communicate with distributed asynchronous communities, and where...
There has been a request to map all OSSF TIs (WGs, Projects, SIGs, etc.) using the LF's landscape tool. Examples today include: 1) The OSSF Membership list - https://openssf.org/about/members/ 2)...
The process for nomination, the voting process itself, the Governing Board nominated seats, how the TAC chooses a chair/vice-chair, as well as key dates/milestones should be clearly represented in the...
The current TAC & SCIR voting process is documented here(1) and has served the OpenSSF since the origination of the foundation. It is desirable to have better definition and enable...
A short-lived working committee should be created under the TAC for the purpose of conducting a review to ensure existence, consistency, and accuracy for all Foundation group documentation (TAC, WG,...
Hi. The OSSF TAC is seeking to get an issue(1) closed out. We want to ensure all working groups have a complete charter.md file and as I reviewed this group's...
Our friends at Ericsson have developed a set of code examples and guidance grounded in the MITRE CWE framework (https://cwe.mitre.org/). This work was originally inspired by SEI CERT's secure coding...
Create a “Security Skills for Developers” document that lists key skills job applicants should have, along with ways to acquire those skills/credentials, and evangelize to academia and to developers
Create a “secure developer training” check for the Scorecard. If a credential or certification can be found, present that alongside the standard scorecard checks to highlight projects that have trained...