Category

Blog

OpenSSF Public Town Hall – November 9 2020, 10am Pacific

By Blog

Please join us for the first-ever OpenSSF Town Hall Meeting on November 9, 2020 from 10 AM to 12 PM Pacific Time (US and Canada).

In this meeting, we will share updates and celebrate accomplishments during the first three months of the project. Attendees will hear from the Governing Board, Technical Advisory Council, and Working Group leads, have an opportunity for Q+A, and learn more about how to get involved in the project. Click here to register.

Agenda

  • Welcome and Overview
  • What’s Happening
    • Governing Board and Planning Committee
    • Technical Advisory Council
    • Working Groups
      • Identifying Security Threats – security metrics for open source projects
      • Security Tooling – state of the art, globally accessible security tools
      • Best Practices – awareness and education of security best practices
      • Vulnerability Disclosures – efficient vulnerability reporting and remediation
      • Digital Identity Attestation – ensuring the provenance of open source code
      • Securing Critical Projects – hands-on help for critical open source projects
  • Discussion + Q&A

This is a public meeting and everyone is welcome!  Please register using the link below to receive a  confirmation email with an option to add the meeting to your personal calendar.

http://bit.ly/OpenSSFTownHall

We are actively seeking individuals and companies to join us and get involved in securing the open source ecosystem. The town hall meeting is a great opportunity for those not currently involved to learn more about the work we are doing at OpenSSF and how to become a part of it!

We hope to see you there!

OpenSSF seeks Security Community Individual Representative for Governing Board

By Blog

The Open Source Security Foundation (OpenSSF) is accepting nominations for the Security Community Individual Representative seat on our Governing Board. The nomination period is open until October 23 2020, after which voting will occur, to conclude on November 5 2020. In this post, we would like to provide some additional information about the role, including its’ activities and our rationale behind creating this position. At the bottom of the post, we share a link where nominations can be submitted, as well as contact information.

What is OpenSSF?
The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community, targeted initiatives, and best practices. Current initiatives are linked to from our GitHub page.

The OpenSSF was established on the premise that security researchers need a mechanism to allow them to collaboratively address methods needed to secure the open source supply chain. It recognizes that security researchers across the globe within organizations have common interests and concerns. OpenSSF facilitates sustained dialogue and project work among private entities, foundations/nonprofits, individual contributors, and academia.

What is involved in serving on the OpenSSF Governing Board?
Governing Board members are responsible for the overall organization and funding of the OpenSSF.  Some activities in which they participate include things like:

  • establishing criteria for membership and dues
  • overseeing business and community outreach
  • adopting and maintaining policies and procedures
  • establishing advisory bodies, committees, programs and councils to support the mission of the OpenSSF
  • approving a budget and fundraising proposals
  • publishing use cases, user stories, websites and priorities to help inform the ecosystem and technical community
  • voting on all decisions or matters coming before the Governing Board

Governing Board (GB) members typically spend 2-3 hours per month preparing for and attending a monthly Governing Board meeting. Many GB members choose to spend additional time in Governing Board related committees which could include strategy, finance, and communications committees.

Like all Governing Board seats, the Security Community Individual Representative seat is unpaid and is held on a volunteer basis, generally as a complement and component of an individual’s primary employment within the industry. As outlined in Section 3 of the OpenSSF Charter, the Security Community Individual Representative will serve a one year term (i.e.: until August 2021), coinciding with the OpenSSF Member Representative elections.

More details about the Governing Board and general organization and operations of OpenSSF are available in the OpenSSF Charter, which should be considered the authoritative document about this role.

Additional OpenSSF governance information can be found on GitHub.

Rationale for Security Community Individual Representative Governing Board seat

When drafting the original Charter for OpenSSF, one thing we were keen on was the prompt introduction of dedicated seats to diversify the perspectives and professional experiences of our Governing Board. Ultimately this included adding and reserving a seat for a representative from a Nonprofit organization or Academia (“Associate Member Representative”), as well as adding and reserving a seat for an individual from the broader technical community who could help bring further perspective (“Security Community Individual Representative”).

Perhaps a bit of a misnomer, the “Security Community Individual Representative” is a dedicated seat for an individual from the open source software maintainer community and/or the security community.

We envisioned that such a seat would be filled by a nominee who showed a longtime dedication to the open source software ecosystem and/or is someone from the security community who has expertise in areas like application security and vulnerability management. We imagined that such a candidate probably would not work at any of the organizations of which the founding members of the OpenSSF GB are members/employees, is likely to have played a fundamental role in the development and maintenance of one or more large or critical open source projects, and/or has worked on securing software at scale through research, engineering, or other security roles, and could help us to ensure that decisions we make and security initiatives we support are a net positive for maintainers, their projects, and the OSS ecosystem. The intention behind the role was to better represent the range of perspectives, backgrounds, needs, and motivations amongst OSS maintainers and security researchers, including individual contributors, and to ensure that a person with this viewpoint would have a dedicated “seat at the table” within OpenSSF governance to help us broaden the range of feedback, ideas, and expertise that would be represented at the Governing Board level.

It should be noted that these are merely some suggested criteria, and anyone who feels they would make a great community rep for an organization focusing on OSS and security is warmly welcomed to apply. By no means are the items listed above a hard requirement for nomination

Submit your nomination
Nominations for the Security Community Individual Representative seat will be open until October 23 2020, and voting will take place until November 5 2020. See nomination instructions below. Once the nomination period closes, voting will be open to members of the openssf-announcements@lists.openssf.org mailing list. Click here to sign up for an OpenSSF mailing list.

Nominations (including self-nomination) can be submitted to the form below (Due October 23rd 2020):
https://docs.google.com/forms/d/e/1FAIpQLSd61bqfR_siMDvWlCC4s3jKxaVAVbOIIrt9_EwDqZ23VPmMlQ/viewform

Questions and Feedback
To share feedback with the OpenSSF Governing Board, please complete this quick form. Additionally, learn more about how to get involved here.

[Editor’s note: This post was updated October 7 2020 to add clarifying language around desirable qualities for a nominee]