tac
Technical Advisory Council
This document provides an update on the activities and discussions of the Vulnerability Disclosures Working Group for Q4 2025, including proposals for standardizing vulnerability reporting and addressing challenges in the...
### Technical Initiative
Supply-chain Levels for Software Artifacts (SLSA) Project

### Lifecycle Phase
Incubation

### Funding amount
50000

### Problem Statement
With the release of the SLSA Source Track specification...
### Technical Initiative
Supply-chain Levels for Software Artifacts (SLSA) Project

### Lifecycle Phase
Incubation

### Funding amount
$50,000

### Problem Statement
The current SLSA reference tooling, specifically [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) and [slsa-verifier](https://github.com/slsa-framework/slsa-verifier),...
### Technical Initiative
Sigstore

### Lifecycle Phase
Graduated

### Funding amount
$96,000

### Problem Statement
Sigstore allows signers to audit how they sign artifacts such as binaries, containers and attestations,...
### Technical Initiative
SLSA

### Lifecycle Phase
Incubating

### Funding amount
$300 for 2 quarters of cloud usage

### Problem Statement
The SLSA BuildEnv track extends build integrity requirements of...
CVE-BIN is being onboarded to OpenSSF. Could we please have their license scanned as part of their application?

Repo: https://github.com/intel/cve-bin-tool
License: [GPLv3](https://github.com/intel/cve-bin-tool?tab=GPL-3.0-1-ov-file)

cc @jeffcshapiro
As of September 24, the SCI Working Group has existed without a Chair. On October 8, Michael Lieberman and I facilitated a discussion of revamping the focus and priorities of...