Results 21 comments of John Mark

Rob U: top 1000 open source projects used in FS? We have limited resources - are we willing to contribute actual resources to this? Will we commit to using output?

Jonathan Meadows: can we use the output of the FSI threat intelligence group fsisac.com - 50K banks - connected to openssf - what is the work product? Created top 100...

Rob U: between FS-ISAC and this group - do we need to exist?
James: can we still pull learning from other groups into larger devops automation group?
Rhyddian: if there...

Decision: for orgs that haven't signed a CLA, they can open/amend issues, which project leads then convert into cards on the project board
Boundaries (James) - are we focusing on...

Bringing this back to the forefront - still feels like we need a way to help provide a curation layer between maintainers and users. Could be metadata store, or could...

- OSS sustainability? Do we hire maintainers?
- KDB example - unmaintained and forked into finos governance
- Enable and empower engineers - centralized teams, hiring public maintainers, train and...

John Mark Walker - Fannie Mae On Thu, 21 Sept 2023, 12:06 Ragha Vema, ***@***.***> wrote: > Ragha Vema, Fannie Mae

Set the scope of the working group:
- focus on internal open source management
- focus on CI/CD pipeline integration
- focus on proactive engagement of open source communities as...

discussion point: golden repos vs or with scanning

Start with guidance from OSR and OpenSSF, adding more details for highly regulated environments. Final publication could be on OSR, OpenSSF, or Finos