Skip to main content

📣 Submit your proposal: OpenSSF Community Days: Europe, Korea | Open Source SecurityCon

search

OpenSSF Working Groups

OpenSSF Working Groups are open to everyone!

Participating in working groups and their sigs/projects is the best way to immerse yourself in OpenSSF and the critical challenges facing open source security today.

Join the community today!

Best Practices for Open Source Developers

Want to help drive open source security education or help develop best practices? We have a lot of projects and groups that are working towards these goals.

  • We envision a world where software developers can easily IDENTIFY good practices, requirements and tools that help them create and maintain secure world-class software, helping foster a community where security knowledge is shared and amplified.
  • We seek to provide means to LEARN techniques of writing and identifying secure software using methods best suited to learners of all types.
  • We desire to provide tools to help developers ADOPT these good practices seamlessly into their daily work.

Best: GitHub | Slack | Mailing List

Artificial Intelligence / Machine Learning (AI/ML) Security

We formed in September 2023 after the growing problem of AI/ML Security in open source. Join is to discuss the possible security impacts of AI / ML technologies on open source software, maintainers, communities, and their adopters, along with how OSS projects could safely or effectively leverage LLMs to improve their security posture.

AI: GitHub | Slack | Mailing List

BEAR (Belonging, Empowerment, Allyship, and Representation)

We formed in December 2023 to help increase representation and strengthen the overall effectiveness of the cybersecurity workforce.

BEAR: GitHub |Slack | Mailing List

Global Cyber Policy

Seeks to assemble subject matter experts from many disciplines to collaboratively discuss legislation, regulation, and cybersecurity frameworks and standards that can help stakeholders of all backgrounds meet their compliance obligations.

Global-Cy: GitHub | Slack | Mailing List

Securing Critical Projects

Wonder how critical OSS projects are selected? Then join us! We have progress reports every other week on each project/SIG so it is easy to jump in and get going.

Sec-Crit-Proj: GitHub | Slack | Mailing List

Securing Software Repositories

We provide a collaborative environment for aligning on the introduction of new tools and technologies to strengthen and secure software repositories. Our current project is Repository Service for TUF, join to learn more.

Sec-Soft-Repo: GitHub | Slack | Mailing List

Security Tooling

Our mission is to provide the best security tools for open source developers and make them universally accessible. We talk a lot about SBOMs currently.

Sec-Tool: GitHub | Slack| Mailing List

Supply Chain Integrity

We are helping people understand and make decisions on the provenance of the code they maintain, produce and use. We have great projects like GUAC, SLSA and gittuf that you can work with.

Supply-Ch-Int: GitHub | Slack | Mailing List

Vulnerability Disclosures

We are improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication.

To enable OSS maintainers to easily issue VEX documents helping them lower the burden triaging vulnerability reports and communicating impact enable VEX feeds!

Vuln-Disc: GitHub | Slack | Mailing List

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get Involved
Close Menu