
By Yesenia Yser
Overview
Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way to offer these experiences and opportunities.
A core goal of the OpenSSF BEAR working group (WG) is to empower underrepresented individuals seeking opportunities in the cybersecurity workforce. Combining our powers with the OpenSSF and Linux Foundation (LFX) mentorship program as a sponsor, the BEAR WG has partnered with the RSTUF and gittuf projects for the Summer 2025 OpenSSF Mentorship program.
The program will run from June through August and will offer a small stipend to mentees. Applications are open until Sunday May 18, 2025.
Why are we hosting mentorships?
Students and individuals from underrepresented groups often do not have the expertise to start their own projects or the resources for relevant coursework to boost the skills they need to enter the cybersecurity workforce. Cybersecurity/OSS professionals may not be able to easily find opportunities to mentor and coach others in the field through their employer, or may wish to broaden the scope of their experience.
This is our way to give back to the community and support the open source maintainers, the open source ecosystem, and the incoming subject matter experts.
What projects are available for the summer?
Repository Service for TUF (RSTUF)
Purpose
The purpose of this project is to enhance the Repository Service for TUF (RSTUF) implementation by tackling critical areas that would significantly improve its functionality, scalability, and ease of adoption. RSTUF is designed to manage content distribution efficiently using The Update Framework (TUF), but it currently has areas where improvements in delegation flexibility, performance, testing, and documentation are needed. This project will allow RSTUF to handle larger and more complex scenarios, while providing an improved experience for both developers and adopters.
Goal
Enable succinct hash-bin delegations within custom delegations: Enhance the flexibility of RSTUF’s delegation model to allow for more fine-grained delegation control.
Improve performance on the online role bumping process: Optimize the process of updating large numbers of delegated roles to improve scalability, especially in environments where there are many roles to manage.
Enhance the developer experience by improving functional tests: Improve the effectiveness, reusability, and performance of the functional tests that ensure RSTUF’s features work across releases.
Improve documentation to facilitate easier adoption: Enhance the user-facing documentation to make it clearer, more comprehensive, and more accessible for new adopters, thus accelerating the onboarding process.
Resource links
Mentorship Application: Apply here
Slack channel: #repository-service-tuf
GitHub: https://github.com/repository-service-tuf
Gittuf
Purpose
gittuf is a security layer for Git repositories, allowing for a security policy to be applied independently of the service the repository may be hosted on (e.g. GitHub, GitLab, Bitbucket, etc.). The purpose of this project is to improve gittuf in several domains, such as functionality, usability, and ease of access for new users.
Goal
Build a tool to help with visualization of gittuf’s metadata: gittuf uses metadata inspired by The Update Framework (TUF). While there is functionality in gittuf to examine its metadata, a visualization tool would help with understanding how gittuf’s metadata is structured, especially for new users and complex policies.
Enable temporary/time-limited approvals: There may be cases when a developer may need to exercise some discretionary authority and approve something in violation of the policy (e.g. a critical security patch at 4am may not be able to be approved by the full team required in policy). Adding approvals that will satisfy the policy for some duration of time (but not infinitely) would serve to improve this aspect of gittuf.
Resource links
Mentorship Application: Apply here
Slack channel: #gittuf
GitHub: https://github.com/gittuf/gittuf
Top of mind
Are you passionate about open source and eager to contribute to impactful projects? Our mentorship program is designed to guide you through the process, from application to interview, and help you develop the right mindset for success. Here are five essential tips to get you started:
- Understand the Requirements
Before applying, make sure you thoroughly read the program guidelines and requirements. Familiarize yourself with the project’s goals, the skills needed, and the expected commitment. This will help you tailor your application to highlight your strengths and align with the project’s needs. Feel free to reach out to the project-specific Slack channel with any questions.
- Craft a Compelling Application
Your application is your first impression. Focus on showcasing your relevant experience, skills, and enthusiasm for the project. Be specific about your contributions to previous projects (professional, academic, or curiosity) and how they relate to the mentorship program. Avoid submitting a non-personalized GenAI writeup. A well-crafted and personalized application can set you apart from other candidates.
- Prepare for the Initial Conversation with Mentor
Before your first conversation with your mentor, take some time to understand the project’s problem statement—what challenge is it trying to solve, and why does it matter? Spend a bit of time reviewing the open source project itself: browse through the README, issues, and contribution guidelines to get a sense of how the community works and what’s currently being built. Be ready to talk about your technical skills and how you’ve approached solving problems in the past, even if you’re still learning. Most importantly, come with a curious mindset. It’s completely okay not to know everything—mentorship is about growth. Asking thoughtful questions shows your commitment to learning and contributes to building a strong, collaborative relationship from the start.
- Leverage Available Resources
Take advantage of the resources provided by the mentorship program. This might include documentation, tutorials, and community forums. Engaging with these resources can deepen your understanding of the project and demonstrate your proactive approach to learning.
- Adopt a Growth Mindset
Approaching the application process with a growth mindset is crucial. Be open to feedback and view challenges as opportunities for growth. Remember, the mentorship program is not just about what you already know, but about what you can learn and how you can contribute to the community.
Conclusion
We are thrilled to launch our Open Source Project Mentorship Program and invite passionate individuals to apply. This program is an excellent opportunity to enhance your skills, collaborate with experienced mentors, and make meaningful contributions to the open source community. Remember, the journey from application to interview is a learning experience in itself. By understanding the requirements, crafting a compelling application, preparing thoroughly, leveraging available resources, and adopting a growth mindset, you can set yourself up for success.
We look forward to seeing your applications and welcoming you to our vibrant community. Together, let’s build something amazing!
About the Author
Born and raised in Miami, Yesenia is a first-generation Cuban American paving the way to “awaken the warrior spirit within us all” – protecting us in both the digital and the physical world. As a cybersecurity expert, Yesenia has managed global crises with the unique skill set she’s gained as a practitioner and instructor in Brazilian Jiu Jitsu.
She’s helped Fortune 100 companies strategize their software supply chain security risks and initiatives. Currently, she is empowering the world with changes for AI Security and Open Source Software at Microsoft.