Adrian Diglio issues

Results 6 issues of


                                            Adrian Diglio

Suggestion: Add a new section to the "Guide to Security Tools" to cover tools that improve MTTR for OSS vulnerabilities

**Summary**: add a new section to the Guide to Security Tools about tools that help improve OSS patching speed (i.e. Mean Time To Remediate (MTTR)). These are tools/capabilities that are...

S2C2F needs a website

Investigate OpenSSF processes through the TAC (something like GitHub Pages) that we can publish our own site for S2C2F, and choose a domain name (such as s2c2f.io).

enhancement

Create Supplemental Material for deeper dives and clarification

**Definition of Supplemental Material:** A 1-2 page write up to provide clarification on certain scenarios. Example list of initial Supplemental Guides: - How S2C2F applies to C/C++ OSS - How...

Discuss with OpenSSF TAC about our plans to submit an Exploratory Report to the PAS process for International Standardization

Ensure TAC is aware that S2C2F is stable, and also make TAC aware of possible opportunities to have SLSA join the international standardization alongside the S2C2F.

Create AI Use Case workstream to extend S2C2F guidance for Data Scientist persona

This Issue establishes the formal creation of this workstream under the S2C2F Project within the Supply Chain Integrity WG with a workstream lead and contributors. Working doc: ([link](https://docs.google.com/document/d/1UyvpC52feo7dZsDee2vQLWIMOjoD-dfAIr-cG0dqoHc/edit?usp=sharing)) This workstream...

documentation

enhancement

Proposal: Align Scorecard checks with S2C2F Maturity Level 2 requirements

The OpenSSF has a large portfolio of specifications and tools, and we would like to partner with various tools, specifications, and communities across OpenSSF to work together so we are...

kind/enhancement