tag-security
[Suggestion] Scrub Security TAG project resources against OpenSSF disclosure guide
Description: OpenSSF released an OpenSSF vulnerability disclosure guide for OSS projects. We want to review our existing project resources and information and ensure it is in alignment with the OpenSSF guide.
Impact: discrepancies between these may be confusing for projects.
Scope:
- [ ] Review the OpenSSF guide.
- [ ] Review the Project Resources.
- [ ] Identify missing, incomplete, or different information in the Project resources*
- [ ] Add the OpenSSF guide as a resource in project resources
- [ ] Open a PR with changes to move the project resources in alignment
*There is expected to be some difference; we're focused more on the process and references and less on the "does it say email list or slack channel".
@TheFoxAtWork Can I help with this?
This issue has been automatically marked as inactive because it has not had recent activity.
This appears to be a good initiative? What's the current status with the fact that @TheFoxAtWork left and there has been no activity since November 5th last year?
Chairs/TLs are meeting with NIST SSDF folks soon. Please remind me to update this issue with more info in a couple of weeks or so.
@PushkarJ any update? I'd be interested in helping out.
Given there wasn't any meaningful activity here since the issue was first proposed on Sep 27, 2021, I'll proceed to close. Should there be renewed interest in revisiting the proposed initiative, we can reopen the issue and prioritize accordingly.