David A. Wheeler

Results 219 issues of David A. Wheeler

[Open Security Training](https://opensecuritytraining.info/) would like for educational material about how to develop secure software to be easily reused/relinked so that it can be cross-connected with information on how those vulnerabilities can...

This adds a new link to the old "Census I" paper, specifically to a GitHub repo controlled by the Linux Foundation. We don't know of a reason the old one...

We need an easy link to: https://docs.google.com/spreadsheets/d/1ONZ4qeMq8xmeCHX03lIgIYE4MEXVfVL6oj05lbuXTDM/edit#gid=1024997528

If you can't do something in OpenSSF that you think you should be able to do, or CAN do something you DON'T think you should do, reply to this issue...

In https://github.com/ossf/wg-securing-critical-projects/blob/main/identifying-critical-projects.md add information on Digital Public Goods' DPG-standard and links to the registered projects identified there. See: https://github.com/DPGAlliance/DPG-Standard https://digitalpublicgoods.net/registry/ https://digitalpublicgoods.net/

We seem to have some minor inconsistencies regarding our description of Alpha-Omega (among other things). This slide: https://docs.google.com/presentation/d/1ZQ7WjNH5fQL7qvpFN3jTFt-iQHqPpUc5of_azQc8iic/edit has Alpha-Omega listed as an "associated project" reporting directly to the TAC....

documentation
administration
OpsModel

Product: SCM Guide
Enhancement

It's sadly easy to accidentally insert secrets into a repository ([here's an example](https://docs.google.com/document/d/1MWBTqpO8XofvN9ElTX5tPB8a7N1N0Wp9JgEQ9ff4Qvo/edit)). We should modify the [SCM Best Practices](https://best.openssf.org/SCM-BestPractices/#recommendations) to say that any SCM should (where practical) enable scanning...

Product: SCM Guide

I propose creating a new guidance document, *Correctly using Regular Expressions for Secure Input Validation*. A draft is here: https://docs.google.com/document/d/1Ors5T04Pgh3dcBfelbBrEBrvY3OKB7loUBUJPYBmmZw/edit Here's the background. [Seth Larson’s Regex character “$” doesn't mean...

We need to modify the CSS for the generated pages under /docs to "look like OpenSSF". This will probably involve modifying assets/css/style.scss as well as some other pages. Eventually we...

Admin
Blocked