OpenSSF Technical Advisory Council (TAC)
The OpenSSF Technical Advisory Council is responsible for oversight of the various Technical Initiatives (TI) of the OpenSSF.
Get Involved
Although the TAC is composed of a set of official members listed below, any community member is welcome to participate in the TAC discussions.
Official communications occur on the TAC mailing list. Manage your subscriptions to OpenSSF mailing lists.
Informal discussions occur in the TAC channel of the OpenSSF Slack. To join, use the following invite link.
Use GitHub Issues to request and discuss agenda items.
If you need support in any part of the process, please email [email protected].
Meetings
The TAC meeting minutes are online, and the meetings appear on the OpenSSF Community Calendar.
Meetings are also recorded and posted to the OpenSSF YouTube channel.
TAC Members
Name | Position | Email | Organization | Term |
---|---|---|---|---|
Arnaud J Le Hors | Vice Chair | [email protected] | IBM | January 2024 - December 2025 |
Bob Callaway | | [email protected] | | January 2024 - December 2024* |
Christopher "CRob" Robinson | Chair | [email protected] | Intel | January 2024 - December 2024* |
Dan Appelquist | | [email protected] | Samsung | January 2024 - December 2024 |
Michael Lieberman | | [email protected] | Kusari | January 2024 - December 2024 |
Zach Steindler | | [email protected] | GitHub | January 2024 - December 2024 |
Marcela Melara | | [email protected] | Intel | January 2024 - December 2025 |
Sarah Evans | | [email protected] | Dell | January 2024 - December 2024* |
Jautau "Jay" White | | [email protected] | Microsoft | January 2024 - December 2025 |
NOTE: * marked entries denote OpenSSF Governing Board appointed members, others are community elected.
Charter
The TAC is chartered as part of the Open Source Security Foundation Charter.
Technical Initiatives
The governance of TIs is documented in the process section. This section provides you with all the information about the different types of initiatives and how they are managed, as well as how to propose a new initiative. It also covers the different levels of maturity a TI can be in, the requirements that must be met to move up to the next level, as well as the benefits that come with each level.
The following Technical Initiatives have been approved by the TAC. You may learn more about their status through their quarterly reports.
Working Groups (WGs)
Name | Repository | Notes | Status |
---|---|---|---|
Vulnerability Disclosures | https://github.com/ossf/wg-vulnerability-disclosures | Meeting Notes | Graduated |
Security Tooling | https://github.com/ossf/wg-security-tooling | Meeting Notes | Incubating |
Security Best Practices | https://github.com/ossf/wg-best-practices-os-developers | Meeting Notes | Graduated |
Metrics & Metadata | https://github.com/ossf/wg-metrics-and-metadata | Meeting Notes | Incubating |
Securing Critical Projects | https://github.com/ossf/wg-securing-critical-projects | Meeting Notes | Incubating |
Supply Chain Integrity | https://github.com/ossf/wg-supply-chain-integrity | Meeting Notes | Incubating |
Securing Software Repositories | https://github.com/ossf/wg-securing-software-repos | Meeting Notes | Graduated |
End Users | https://github.com/ossf/wg-endusers | Meeting Notes | Incubating |
Diversity, Equity, & Inclusion | https://github.com/ossf/wg-dei | Meeting Notes | Incubating |
AI/ML Security | https://github.com/ossf/ai-ml-security | Meeting Notes | Incubating |
Projects
Name | Repository/Home Page | Notes | Sponsoring Org | Status |
---|---|---|---|---|
Allstar | https://github.com/ossf/allstar | Meeting Notes | Securing Critical Projects WG | TBD |
Best Practices Badge | https://github.com/coreinfrastructure/best-practices-badge | Mailing list | Best Practices WG | TBD |
Criticality Score | https://github.com/ossf/criticality_score | Meeting Notes | Securing Critical Projects WG | TBD |
Fuzz Introspector | https://github.com/ossf/fuzz-introspector | Meeting Notes | Security Tooling WG | TBD |
GUAC | https://github.com/guacsec/guac | Meeting Notes | Supply Chain Integrity WG | Incubating |
gittuf | https://github.com/gittuf/gittuf | TBD | Supply Chain Integrity WG | Sandbox |
OpenVEX | https://github.com/openvex | Meeting Notes | Vulnerability Disclosures WG | Sandbox |
OSV Schema | https://github.com/ossf/osv-schema | Meeting Notes | Vulnerability Disclosures WG | TBD |
Package Analysis | https://github.com/ossf/package-analysis | Meeting Notes | Securing Critical Projects WG | TBD |
Package Feeds | https://github.com/ossf/package-feeds | Meeting Notes | Securing Critical Projects WG | TBD |
Protobom | http://github.com/bom-squad/protobom | Meeting Notes | Security Tooling WG | Sandbox |
Repository Service for TUF | https://github.com/repository-service-tuf/repository-service-tuf | Meeting Notes | Securing Software Repositories WG | Incubating |
S2C2F | https://github.com/ossf/s2c2f | Meeting Notes | Supply Chain Integrity WG | Incubating |
SBOMit | https://github.com/sbomit | Meeting Notes | Security Tooling WG | Sandbox |
Scorecard | https://github.com/ossf/scorecard | Meeting Notes | Best Practices WG | TBD |
Security Insights Spec | https://github.com/ossf/security-insights-spec | Meeting Notes | Metrics & Metadata WG | TBD |
Security Metrics | https://github.com/ossf/Project-Security-Metrics | Meeting Notes | Metrics & Metadata WG | TBD |
Sigstore | https://github.com/sigstore | Meeting Notes | OpenSSF TAC | Graduated |
SLSA | https://github.com/slsa-framework/slsa | Meeting Notes | Supply Chain Integrity WG | TBD |
SLSA Tooling | https://github.com/ossf/wg-supply-chain-integrity/blob/main/slsa-tooling.md | Meeting Notes | Supply Chain Integrity WG | TBD |
OpenSSF affiliated projects
Name | Repository | Notes | Status |
---|---|---|---|
Core Toolchain Infrastructure | Coming Soon | TBD | TBD |
Alpha Omega | https://github.com/ossf/alpha-omega | TBD | TBD |
Special Interest Groups (SIGs) - To Be Completed
SIGs can be created and managed without formal approval from the TAC. The following is for informational purposes only.
Name | Repository/Home Page | Notes | Governing Org | Status |
---|---|---|---|---|
Overview Diagrams
Diagrams with an overview of the OpenSSF, including its projects and SIGs, are available in the presentation OpenSSF Introduction (including Diagrammers’ Society diagrams) as created and maintained by the OpenSSF Diagrammer's Society.
Antitrust Policy
Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.
Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.