- Public good: We believe the security of open source is a public good and as an industry we have an obligation to address it for the commonwealth of the community.
- Openness and Transparency: We commit to encouraging all interested stakeholders to participate in the foundation and its working groups. The foundation’s work will be made publicly available.
- Maintainers First: We approach the work of contributing to improving the security of open source software with a strong respect for open source maintainers and developers, with an intent to create resources and tooling to help scale security improvements to benefit the open source ecosystem as a whole.
- Diversity, Inclusion, and Representation: We work to actively invite and include people from a range of backgrounds, locations, identities, and perspectives, and promote a culture of mutual respect and inclusiveness as a requirement for participation
- Agility and Delivery: We work to deliver concrete and useful outputs and tools to help make open source more secure. We do so in a manner that enables us to learn from experience and experiment, and improve our outputs accordingly.
- Credit where credit is due: We commit to a culture where people’s contributions are recognized and acknowledged fairly.
- Neutrality: We don’t bias toward any ecosystem, vendor or platforms.
- Empathy: We recognize and understand each other’s challenges, perspective and circumstances. We commit to a culture of listening and caring for multiple opinions.