OpenSSF Working Groups
Participating in Working Groups and their SIGs/projects is fun; it’s the best way to immerse yourself in OpenSSF and the critical challenges facing open source security today.
OpenSSF Working Groups are open to anyone.
Best Practices for Open Source Developers
Want to help drive open source security education or help develop best practices? We have a lot of projects and groups that are working towards these goals.
- We envision a world where software developers can easily IDENTIFY good practices, requirements and tools that help them create and maintain secure world-class software, helping foster a community where security knowledge is shared and amplified.
- We seek to provide means to LEARN techniques of writing and identifying secure software using methods best suited to learners of all types.
- We desire to provide tools to help developers ADOPT these good practices seamlessly into their daily work.
Artificial Intelligence / Machine Learning (AI/ML) Security
We formed in September 2023 in response to the growing problem of AI/ML security in open source. Join us to discuss the possible security impacts of AI/ML technologies on open source software, maintainers, communities, and their adopters, along with how OSS projects could safely or effectively leverage LLMs to improve their security posture.
Diversity, Equity, & Inclusion
We formed in December 2023 to help increase representation and strengthen the overall effectiveness of the cybersecurity workforce.
Metrics & Metadata
We enable informed confidence in the security of OSS by collecting, curating, and communicating relevant metrics and metadata. Our WG consists mostly of projects that focus on code to get this done.
Securing Critical Projects
Wonder how critical OSS projects are selected? Then join us! We have progress reports every other week on each project/SIG so it is easy to jump in and get going.
Securing Software Repositories
We provide a collaborative environment for aligning on the introduction of new tools and technologies to strengthen and secure software repositories. Our current project is Repository Service for TUF; join to learn more.
Our mission is to provide the best security tools for open source developers and make them universally accessible. We talk a lot about SBOMs currently.