Skip to main content

OpenSSF Working Groups

Participating in Working Groups and their SIGs/projects is fun; it’s the best way to immerse yourself in OpenSSF and the critical challenges facing open source security today.

OpenSSF Working Groups are open to anyone.

Join the Community today!

 

Best Practices for Open Source Developers

Want to help drive open source security education or help develop best practices? We have a lot of projects and groups that are working towards these goals.

  • We envision a world where software developers can easily IDENTIFY good practices, requirements and tools that help them create and maintain secure world-class software, helping foster a community where security knowledge is shared and amplified.
  • We seek to provide means to LEARN techniques of writing and identifying secure software using methods best suited to learners of all types.
  • We desire to provide tools to help developers ADOPT these good practices seamlessly into their daily work.

Best: GitHub | Slack | Mailing List


Artificial Intelligence / Machine Learning (AI/ML) Security

We formed in September 2023 after the growing problem of AI/ML Security in open source. Join is to discuss the possible security impacts of AI / ML technologies on open source software, maintainers, communities, and their adopters, along with how OSS projects could safely or effectively leverage LLMs to improve their security posture.

AI: GitHub | Slack | Mailing List


Diversity, Equity, & Inclusion

We formed in December 2023 to help increase representation and strengthen the overall effectiveness of the cybersecurity workforce.

DEI: GitHub |Slack | Mailing List


End Users

We represent the interests of public and private sector organizations that primarily consume open source rather than produce it. Right now, we are focusing on threat modeling. Join us to see how threat modeling works and get your ideas in the current scope.

End Users: GitHub | Slack | Mailing List


Metrics & Metadata

We enable informed confidence in the security of OSS by collecting, curating, and communicating relevant metrics and metadata. Our WG has mostly projects that focus on the code to get this done.

M&M: GitHub | Slack | Mailing List


Securing Critical Projects

Wonder how critical OSS projects are selected? Then join us! We have progress reports every other week on each project/SIG so it is easy to jump in and get going.

Sec-Crit-Proj: GitHub | Slack | Mailing List


Securing Software Repositories

We provide a collaborative environment for aligning on the introduction of new tools and technologies to strengthen and secure software repositories. Our current project is Repository Service for TUF, join to learn more.

Sec-Soft-Repo: GitHub | Slack | Mailing List


Security Tooling

Our mission is to provide the best security tools for open source developers and make them universally accessible. We talk a lot about SBOMs currently.

Sec-Tool: GitHub | Slack| Mailing List


Supply Chain Integrity

We are helping people understand and make decisions on the provenance of the code they maintain, produce and use. We have great projects like GUAC, SLSA and gittuf that you can work with.

Supply-Ch-Int: GitHub | Slack | Mailing List


Vulnerability Disclosures

We are improving the overall security of the OSS ecosystem by helping advance vulnerability reporting and communication.

To enable OSS maintainers to easily issue VEX documents helping them lower the burden triaging vulnerability reports and communicating impact enable VEX feeds!

Vuln-Disc: GitHub | Slack | Mailing List


Learn how to Get Involved today!

Working Groups, Projects, & SIGs