The most up-to-date version of the Charter can be found in the Sample Member Participation Agreement.
The Open Source Security Foundation Charter
As Amended 9 November 2023
1) Mission and Scope of the Open Source Security Foundation.
a) The purpose of the Open Source Security Foundation (the “OpenSSF”) is to inspire and enable the community to secure the open source software we all depend on, including development, testing, fundraising, infrastructure, and support Technical Initiatives. Participation in Technical Initiatives will be open to anyone, regardless of membership.
b) Technical Initiatives may join or be established under the Technical Advisory Council (the “TAC”). The OpenSSF raises funds to support the Technical Initiatives. The OpenSSF operates under the guidance of the Governing Board of the OpenSSF (the “Governing Board”) and The Linux Foundation (the “LF”) as may be consistent with The Linux Foundation’s tax-exempt status.
c) The Governing Board manages the OpenSSF. The OpenSSF will also have Committees that may be established by the Governing Board. Committees report to the Governing Board.
2) Membership.
a) The OpenSSF will be composed of Premier, General, and Associate Members (each, a “Member” and, collectively, the “Members”, or, alternatively, “OpenSSF Member” and “OpenSSF Members”, respectively) in Good Standing. All OpenSSF Members must be current corporate members of the LF (at any level) to participate in the OpenSSF as an OpenSSF Member. All participants in the OpenSSF enjoy the privileges and undertake the obligations described in this Charter, as from time to time amended by the Governing Board with the approval of the LF. During the term of their membership, all OpenSSF Members will comply with all such policies as the LF Board of Directors and/or the OpenSSF may adopt with notice to members.
b) Premier Members will be entitled to appoint a representative to the Governing Board and any Committee.
c) General Members, acting as a class, will be entitled to annually elect one representative to the Governing Board for every ten General Members, up to a maximum of three representatives, provided that there will always be at least one General Member representative, even if there are fewer than ten General Members. The Governing Board determines the election process.
d) The Associate Member category of OpenSSF Membership is limited to Associate Members of The Linux Foundation. The Governing Board may establish additional criteria for joining the OpenSSF as an Associate Member. If the Associate Member is a membership organization, Associate Membership in the OpenSSF does not confer any benefits or rights to the members of the Associate Member.
e) OpenSSF Members will be entitled to:
i) participate in OpenSSF general meetings, initiatives, events and any other activities; and
ii) identify themselves as members of the OpenSSF and have their logo or name displayed on materials denoting the OpenSSF Members.
3) Governing Board
a) The OpenSSF Governing Board membership will consist of:
i) one primary representative appointed by each Premier Member, who may also delegate authority to an alternate representative; both primary and alternate representatives may attend each meeting;
ii) the elected General Member representative or representatives per section 2.c, and in the event of a vacancy the Governing Board may appoint the candidate with the next highest vote total in the most recent election to serve the remainder of the term;
iii) one TAC Representative (as defined herein) or an alternative representative as designated by the TAC with reasonable prior notice to the Chair of the Governing Board;
iv) one Associate Member Representative elected by the Governing Board; in the event of a vacancy the Governing Board may appoint the candidate with the next highest vote total in the most recent election to serve the remainder of the term; and
v) one Security Community Individual Representative (SCIR) elected by contributors to Technical Initiatives (TI); in the event of a vacancy the Governing Board may appoint the candidate with the next highest vote total in the most recent election to serve the remainder of the term.
b) The Associate Member and Security Community Individual Representative will serve a renewable one-year term coinciding with the regular annual OpenSSF General Member and TAC elections, respectively.
c) The TAC Representative shall be the chairperson of the TAC.
d) The representatives appointed by Premier Members, elected by General Members, and the Associate Member Representative each represent their respective Member organizations and may be replaced by their Member organization.
e) Conduct of Meetings
i) Governing Board meetings will be limited to the Governing Board representatives, designated alternatives, invited guests and LF staff.
ii) Governing Board meetings follow the requirements for quorum and voting outlined in this Charter.
iii) The Governing Board meetings will be private unless decided otherwise by the Governing Board. The Governing Board may invite guests (e.g. committee chairpersons) to participate in consideration of specific Governing Board topics (but such guests may not participate in any vote on any matter before the Governing Board). The Governing Board may choose to hold open, community meetings at its discretion.
f) Officers
i) The officers (“Officers”) of the OpenSSF Governing Board will be a Chairperson (“Chair”). Additional Officer positions may be created by the Governing Board.
ii) Officers will assist any OpenSSF staff with execution objectives and priorities that will further the OpenSSF mission.
iii) The Chair will preside over meetings of the Governing Board, and will submit minutes for Governing Board approval.
iv) Officers will serve for a period of one year until their successors are elected and qualified.
g) The Governing Board will be responsible for overall management of the OpenSSF, including:
i) approve procedures for the nomination and election of any representative to the Governing Board and any Officer or other positions created by the Governing Board;
ii) Establish any criteria for organizations to become Associate Members of the OpenSSF;
iii) oversee all OpenSSF business and community outreach matters and work with the LF on any legal matters that arise;
iv) adopt and maintain policies or rules and procedures for the OpenSSF (subject to LF approval);
v) nominate and elect Officers of the OpenSSF Governing Board;
vi) establish advisory bodies, committees, programs or councils to support the mission of the OpenSSF and/or its Technical Initiatives;
vii) approve a budget directing the use of funds raised by the OpenSSF from all sources of revenue for the OpenSSF;
viii) approve directed fundraising proposals for specific Technical Initiatives that will raise and spend funds within the Working Group or Project;
ix) establish any conformance programs and solicit input (including testing tools) from the applicable governance body of any Technical Initiative for defining and administering any programs related to conformance with any Technical Initiative (each, a “Conformance Program”);
x) facilitate crowdfunding opportunities in support of OpenSSF Technical Initiatives;
xi) vote on all decisions or matters coming before the Governing Board; and
xii) create and maintain Governing Board Policies and Procedures to document committee creation, as well as to clarify other helpful operations.
4) Intellectual Property Policy
a) Unless otherwise approved by the Governing Board, each Technical Initiative supported by OpenSSF may accept contributions and release deliverables licensed according to the following:
i) Software source code
(1) Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0; or
(2) MIT License available at https://opensource.org/licenses/MIT;
ii) Data
(1) Any of the Community Data License Agreements, available at https://www.cdla.io;
iii) Specifications
(1) Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0
iv) All other Documentation
(1) Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/.
b) Technical Initiatives will require that all new inbound source code contributions must also be accompanied by a Developer Certificate of Origin (https://developercertificate.org) sign-off in the source code system that is submitted through a TAC-approved contribution process which will bind the authorized contributor and, if not self-employed, their employer to the applicable license;
c) A Technical Initiative may seek to integrate and contribute back to other open source projects (“Upstream Projects”). In such cases, the Technical Initiative will conform to all license requirements of the Upstream Projects, including dependencies, leveraged by the Technical Initiative. Upstream Project code contributions not stored within the Technical Initiative’s main code repository will comply with the contribution process and license terms for the applicable Upstream Project.
5) Technical Advisory Council (TAC)
a) The TAC will be composed of six (6) representatives elected annually by all active contributors to Technical Initiatives and three (3) representatives appointed by the Governing Board. The terms of the 3 representatives appointed by the Governing Board are for 1 year. The terms of the 6 elected representatives are for 2 years, in 2 groups staggered so that each year 3 terms expire. For that purpose, on the first year (2024), 3 members will be randomly selected to serve for a single year. If any TAC elected representative seat is vacant and more than 90 days remain until the next election, the Governing Board may fill such vacancy by appointing the candidate with the next highest vote total in the most recent election to serve the remainder of the term of the vacant seat.
b) OpenSSF Members that are part of a group of Related Companies (as defined in Section 7) may have no more than two voting representatives on the TAC.
c) The role of the TAC is to structure and facilitate collaboration among the Technical Initiatives. The TAC will be responsible for:
i) developing an overall technical vision for the community;
ii) approving, establishing, structuring, organizing, and archiving Technical Initiatives;
iii) creating, maintaining and amending the policies and procedures for Technical Initiative onboarding and communications with the TAC;
iv) working with the Technical Initiatives to identify any resource or funding requirements and prioritizing recommendations to the Governing Board;
v) facilitating crowdfunding opportunities in support of OpenSSF Technical Initiatives;
vi) annually electing a chairperson to preside over meetings, set the agenda for meetings, ensure meeting minutes are taken, and who will also serve on the Governing Board as the TAC’s representative (the “TAC Representative”); and
vii) coordinating such other technical community matters related to the success of Technical Initiatives and the mission of the OpenSSF
d) The TAC will document Policies and Procedures, including expected roles and responsibilities, to fulfill the technical objectives of the Foundation.
6) Voting
a) Quorum for the Governing Board will require at least fifty percent of the members in good standing. If advance notice of the meeting has been given per normal means and timing, with at least seven (7) days notice for meetings to make ordinary decisions, the meeting may continue to meet even if quorum is not met, but will be prevented from voting on any decisions at the meeting.
i) A Governing Board member as defined in Section 3 must have had a representative attend 50% of Governing Board meetings within the annual membership agreement, as applicable, in order to vote within a Governing Board meeting.
b) Ideally decisions will be made based on consensus. If, however, any decision requires a vote to move forward, the voting representatives will vote on a one vote per voting representative basis.
c) Except as provided in Section 15.a. or elsewhere in this Charter, decisions by vote at a meeting will require a simple majority vote, provided quorum is met. Except as provided in Section 15.a. or elsewhere in this Charter, decisions by electronic vote without a meeting will require a simple majority of all voting representatives. For resolutions that do not propose Charter language changes, in an electronic vote after one week, in the absence of a simple majority, a “lazy consensus” will be used to default approval of the proposing committee’s recommendations.
d) In the event of a tied vote with respect to an action that cannot be resolved by the TAC, the TAC Representative may refer the matter to the Governing Board. In the event of a tied vote with respect to an action that cannot be resolved by the Governing Board, the chairperson may refer the matter to the LF for assistance in facilitating a decision.
e) If the election of any of the TAC Representative, Associate Member Representative, or Security Community Individual Representative would result in a group of Related Companies having three votes, the respective role will be non-voting.
f) If more than two representatives on the Governing Board are employed by the same Member or by a group of Related Companies (as defined in Section 7), those members will have their number of votes limited to two votes across all Related Companies.
7) Subsidiaries and Related Companies
a) Definitions:
i) “Subsidiaries” means any entity in which a Member owns, directly or indirectly, more than fifty percent of the voting securities or voting membership interests of the entity in question;
ii) “Related Company” means any entity which controls or is controlled by a Member or which, together with a Member, is under the common control of a third party, in each case where such control results from ownership, either directly or indirectly, of more than fifty percent of the voting securities or voting membership interests of the entity in question; and
iii) “Related Companies” are entities that are each a Related Company of a Member.
b) Only the legal entity which has executed a Participation Agreement and its Subsidiaries will be entitled to enjoy the rights and privileges of such OpenSSF Membership.
c) If an OpenSSF Member is itself a foundation, association, consortium, open source project, membership organization, user group or other entity that has members or sponsors, then the rights and privileges granted to such OpenSSF Member will extend only to the employee-representatives of such OpenSSF Member, and not to its members or sponsors, unless otherwise approved by the Governing Board in a specific case.
d) OpenSSF Membership is non-transferable, non-salable and non-assignable, except an OpenSSF Member may transfer its current OpenSSF Membership benefits and obligations to a successor of substantially all of its business or assets, whether by merger, sale or otherwise; provided that the transferee agrees to be bound by this Charter and the Bylaws and policies required by LF membership.
8) Good Standing
a) The Linux Foundation’s Good Standing Policy is available at https://www.linuxfoundation.org/good-standing-policy and will apply to Members of the OpenSSF.
9) Trademarks
a) Any trademarks relating to the OpenSSF or a Technical Initiative, including without limitation any mark relating to any Conformance Program, must be transferred to and held by the Linux Foundation or one of its affiliates and available for use pursuant to the trademark usage policy of the Linux Foundation (available at https://www.linuxfoundation.org/trademark-usage) or such affiliate.
10) Antitrust Guidelines
a) All Members must abide by The Linux Foundation’s Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy.
b) All Members must encourage open participation from any organization able to meet the membership requirements, regardless of competitive interests. Put another way, the Governing Board will not seek to exclude any member based on any criteria, requirements or reasons other than those that are reasonable and applied on a non-discriminatory basis to all members.
11) Budget
a) The Governing Board will approve an annual budget and never commit to spend in excess of funds raised. The budget and the purposes to which it is applied must be consistent with both (i) the non-profit and tax-exempt mission of the Linux Foundation and (ii) the aggregate goals of the Technical Initiatives.
b) The Linux Foundation will provide the Governing Board with regular reports of spend levels against the budget. Under no circumstances will the Linux Foundation have any expectation or obligation to undertake an action on behalf of the OpenSSF or otherwise related to the OpenSSF that is not covered in full by funds raised by the OpenSSF.
c) In the event an unbudgeted or otherwise unfunded obligation arises related to the OpenSSF, the Linux Foundation will coordinate with the Governing Board to address gap funding requirements.
12) General & Administrative Expenses
a) The Linux Foundation will have custody of and final authority over the usage of any fees, funds and other cash receipts.
b) A General & Administrative (G&A) fee will be applied by the Linux Foundation to funds raised to cover membership records, finance, accounting, and human resources operations. The G&A fee will be 9% of the OpenSSF’s first $1,000,000 of gross receipts each year and 6% of the OpenSSF’s gross receipts each year over $1,000,000. Individual Technical Initiative funding arrangements may be set up under alternative arrangements by approval of the Governing Board and the Linux Foundation.
13) General Rules and Operations. The OpenSSF activities must:
a) engage in the work of the project in a professional manner consistent with maintaining a cohesive community, while also maintaining the goodwill and esteem of the Linux Foundation in the open source community;
b) respect the rights of all trademark owners, including any branding and usage guidelines;
c) engage or coordinate with the Linux Foundation on all outreach, website and marketing activities regarding the OpenSSF or on behalf of any Technical Initiative that invoke or associate the name of any Technical Initiative or the Linux Foundation; and
d) operate under such rules and procedures as may be approved by the Governing Board and confirmed by the Linux Foundation.
14) Amendments
a) This Charter may be amended by a simple majority vote of Governing Board members in good standing per Section 8, and subject to approval by The Linux Foundation.