CRob
Creation of OSSF Project training videos so that people can become informed about: - Sigstore - Scorecard - S2C2F - SLSA - Secure software consumption - BP Badges - And...
Create a “Secure Developer” Job description that lists off key skills that should be sought after by hiring organizations. Vet this with HR/People team professionals and then attempt to influence...
We discussed today in our call about the need to find, identify, and evangelize resources that are available to developers and maintainers to help detect social engineering, identify and defend...
A pain point this group identified between Finder/Researchers and Maintainers is the lack of an easy, consistent way to share vuln. reports that capture enough information that makes them actionable...
Following along with our two existing CVD guides, what guidance can we share with open source consumers around OSS CVD, vuln mgmt, or resources they should get involved in on...
Talked about in our 9/27/2022 call, Francis suggested we build/find tools/automation that can help maintainers and others implement suggestions in CVD guides
I'd like to use this issue to talk about what elements we'd like to see in a security policy that could be easily used by open source projects and maintainers...
Hello. The OSSF TAC is seeking to get an issue(1) closed out. We want to ensure all working groups have a complete charter.md file and as I reviewed this group's...
initial load of BEST WG TAC report. still waiting for WG member feedback prior to presenting