
Clarify language in SA-03's title and objective documentation fields

Open trumant opened this issue 9 months ago • 2 comments

Current state

  - id: OSPS-SA-03
    title: |
      The project MUST assess the security posture of all software assets.
    objective: |
      Provide project maintainers an understanding of how the software can be
      misused or broken allows them to plan mitigations to close off the potential
      of those threats from occurring.

Desirable improvements

  • [ ] The title can be more precise. "all software assets" is overly vague. I think this could mean software that is released by the project, but it could well mean that, plus all dependencies of those released assets.
  • [ ] The objective is awkward and should be rephrased

trumant, May 14 '25 20:05