David A. Wheeler
Add some small sound effects when there is a lab success. The goal is to be (1) motivating, and (2) aid accessibility for those who cannot perceive the background color...
We should probably add `-D_LIBCPP_ENABLE_HARDENED_MODE=1`. It helps for C++ when using libc++ and the LLVM compiler. See: https://libcxx.llvm.org/Hardening.html#using-hardening-modes
The current C/C++ compiler option guidelines have a lot of good information. We should re-review other materials to see if we're missing something that should be in there. I don't...
The existing OpenSSF fundamentals course has some material on build and distribution security. It'd be useful to expand that using information from SLSA, SSC, and other materials.
On 2023-06-06 Melba Lopez walked through a number of comments on the S2C2 document. See the [WG meeting notes](https://docs.google.com/document/d/10Q_VOvKsGaYJoK-5yJY4868mTkYZjEo-6xV6ghYS84k/edit#) for the discussion we had then. We need to walk through...
Crosswalk S2C2F with ["Taxonomy of Attacks on OSS Supply Chains" by Ladisa et al.](https://arxiv.org/abs/2204.04008) Perhaps we should use their terminology, or at least mention its alternative names.
Per discussion 2023-02-28, S2C2F should ensure that expansion of binary patches is equivalent to what would be downloaded from scratch.
Brainstorm ideas on how to improve "Principles for Package Repository Security" from CISA OSS Summit
Thank you SO MUCH for your work on the "Principles for Package Repository Security". Today several of us brainstormed about ways to possibly improve it, as part of the CISA...
FYI, CII Best Practices badge has a new mechanism to make its results easier to integrate into dashboards: https://github.com/coreinfrastructure/best-practices-badge/issues/1460 You can easily see the passing criteria here: https://bestpractices.coreinfrastructure.org/criteria/0
I propose that the "CII Best Practices badge" project be moved into this "Identifying Security Threats" WG as a sub-project, because this WG has a strong focus on metrics. I...