tac
Technical Advisory Council
OpenSSF Projects cannot lag in signing the Charter and the Contributor Agreement (CA). These items confirm their onboarding as projects of the OpenSSF. Without these documents these projects have no...
[Bomctl](https://github.com/bomctl/bomctl) is seeking Sandbox Project Entry into the OpenSSF under the Security Tools WG. In following the [Sandbox Process](https://github.com/ossf/tac/blob/main/process/project-lifecycle.md#submission-process) - the bomctl maintainers are requesting the "one-time IP policy and...
Identifying and assisting critical links in the open-source software supply chain remains a challenge for the open-source community and the Open Source Security Foundation. I am writing to introduce a...
We have been trying to get a number of projects through this process of being fully onboarded but have hit a brick wall with getting approval on the following -...
Several TIs have reported much lower participation than usual lately. While there are many external factors that are affecting participation at the moment, there's a general sense that there are...
### Problem Statement

Sigstore's documentation is primarily focused on developer signing, which is misaligned with Sigstore's MVSR and adoption strategy, automated signing through CI providers/trusted publishing. Additionally, the documentation only...
Hi everyone, I've recently noticed a proliferation of security parameter/configuration specifications within our company, such as the "Redis security configuration baseline." Upon reviewing these specifications, I discovered many rules originate...
From our Q2 2024 TI funding request reviews, common questions asked to submitted requests revolved around why the requested effort is beneficial to the project/broader OpenSSF ecosystem, and what the...
Model_transparency started as a SIG after https://github.com/ossf/ai-ml-security/issues/10 but since it produces code and specs it needs to be a project.
**Problem Statement** _Talent shortage of cybersecurity professionals_ Demand exceeds supply within the cybersecurity workforce, as cited by numerous statistics and studies in recent years ([1](https://legal.thomsonreuters.com/blog/growing-threats-outpace-cybersecurity-workforce/), [2](https://www.csoonline.com/article/657598/cybersecurity-workforce-shortage-reaches-4-million-despite-significant-recruitment-drive.html), [3](https://www.washingtonpost.com/politics/2021/08/02/cybersecurity-202-governments-facing-severe-shortage-cyber-workers-when-it-needs-them-most/)) leading to...