openssf-wg-best-practices@lists.openssf.org | [openssf-tac] Proposal: OpenSSF TAC to resolve WG "home" for CII Best Practices badge project

Home Messages Hashtags Subgroups

Date Date 1 - 3 of 3

[openssf-tac] Proposal: OpenSSF TAC to resolve WG "home" for CII Best Practices badge project

David A. Wheeler #7 On Oct 12, 2020, at 10:57 AM, Dan Lorenc <dlorenc@...> wrote: i'm not sure we really reached a concrete plan here in the last TAC meeting. Does anyone have any feedback on my suggestions above? I want to make sure we unblock the decisions and give the WGs and the Badging program a clear path forward. I was at the last TAC meeting. Here’s my understanding of the plan: 1. Each WG will propose its scope; the TAC will review/tweak and eventually approve them. I imagine that will be a key topic on Oct 20. 2. The TAC will revisit the CII Best Practices badge location in its Nov 3 meeting (it will revisit 2-4 weeks after the last one, but since WG scopes will happen first, I don’t expect it to come up until Nov 3): - The hope was that having approved WG scopes (for at least Best Practices and Security Threats/metrics WGs) would make it easier for the TAC to make its decision. The decision might even be obvious from the approved scopes. - If at least one of those two WGs scopes haven’t been approved by then, I expect the TAC would delay until those two WG scopes are approved, & then revisit. Of course, my understanding could be wrong. --- David A. Wheeler
More All Messages By This Member
Kay Williams <kayw@...> #14 Hi all, My recommendation is to complete an analysis of the three related initiatives (Best Practices Badge, Security Metrics and Security Scorecards) before deciding on homes for any one of them. This analysis includes understanding the goals, user scenarios, requirements, and technology roadmap across all three. Once we have this understanding, we can then have a more reasoned discussion about what parts live in which working groups. Here is a link to the document where we are capturing this analysis. https://docs.google.com/document/d/1qoCnDW6eo17pZv09P114D07YpgFD45AEB0lgY8ixOyY/edit# Would it help to include members from the best practices group in these discussion to keep everyone on the same page? Kay toggle quoted message Show quoted text From: openssf-tac@... <openssf-tac@...> On Behalf Of Dan Lorenc via lists.openssf.org Sent: Monday, October 26, 2020 12:02 PM To: David A. Wheeler <dwheeler@...> Cc: openssf-wg-best-practices@...; openssf-tac@...; openssf-wg-security-threats@...; Michael Dolan <mdolan@...>; Chris Aniszczyk <caniszczyk@...>; Lindsay Gendreau <lmays@...>; Todd Benzies <tbenzies@...> Subject: Re: [openssf-tac] Proposal: OpenSSF TAC to resolve WG "home" for CII Best Practices badge project To circle back here again - in the TAC meeting last week I believe we discussed Kay writing up some of her thoughts on working group scopes before a vote. Kay, will you be able to share that soon? I'm still concerned the TAC hasn't given these working groups a clear answer or set of next steps yet. Dan Lorenc On Mon, Oct 12, 2020 at 11:50 AM David A. Wheeler <dwheeler@...> wrote: On Oct 12, 2020, at 10:57 AM, Dan Lorenc <dlorenc@...> wrote: > > i'm not sure we really reached a concrete plan here in the last TAC meeting. Does anyone have any feedback on my suggestions above? I want to make sure we unblock the decisions and give the WGs and the Badging program a clear path forward. I was at the last TAC meeting. Here’s my understanding of the plan: 1. Each WG will propose its scope; the TAC will review/tweak and eventually approve them. I imagine that will be a key topic on Oct 20. 2. The TAC will revisit the CII Best Practices badge location in its Nov 3 meeting (it will revisit 2-4 weeks after the last one, but since WG scopes will happen first, I don’t expect it to come up until Nov 3): - The hope was that having approved WG scopes (for at least Best Practices and Security Threats/metrics WGs) would make it easier for the TAC to make its decision. The decision might even be obvious from the approved scopes. - If at least one of those two WGs scopes haven’t been approved by then, I expect the TAC would delay until those two WG scopes are approved, & then revisit. Of course, my understanding could be wrong. --- David A. Wheeler
More All Messages By This Member
Kay Williams <kayw@...> #15 Is there a pressing need for an immediate TAC vote? I’m not aware, but I may be missing something. Generally, decisions like these are better resolved by the parties directly involved (members of the Best Practices and Identifying Security Threats WGs). toggle quoted message Show quoted text From: Dan Lorenc <dlorenc@...> Sent: Monday, October 26, 2020 1:16 PM To: Luke Hinds <lhinds@...> Cc: Kay Williams <kayw@...>; David A. Wheeler <dwheeler@...>; openssf-wg-best-practices@...; openssf-tac@...; openssf-wg-security-threats@...; Michael Dolan <mdolan@...>; Chris Aniszczyk <caniszczyk@...>; Lindsay Gendreau <lmays@...>; Todd Benzies <tbenzies@...> Subject: Re: [openssf-tac] Proposal: OpenSSF TAC to resolve WG "home" for CII Best Practices badge project I think I must have misunderstood, I thought we were waiting for a writeup of the WG scopes rather than of the three projects. I'd rather try to get this decision made than wait on a potentially longer-term reconciliation, especially with the Scorecards project. That one is brand new and I didn't intend for it to interfere with or delay any of the ongoing discussions. The CII Best Practices project has been around for a long time and is fairly well understood by everyone at this point, thanks to David's patient presentations :). I don't think we're realistically going to learn any more about it. I'll suggest we move this to a vote either in the meeting next week, or via email if we decide to cancel. Does that make sense? If anything, I'd prefer we discuss changes to the scopes of the working groups rather than the projects. My opinion is that the CII Best Practices Badge program aligns most closely with the Best Practices WG. Dan Lorenc On Mon, Oct 26, 2020 at 2:59 PM Luke Hinds <lhinds@...> wrote: On Mon, Oct 26, 2020 at 7:46 PM Kay Williams via lists.openssf.org <kayw=microsoft.com@...> wrote: Hi all, My recommendation is to complete an analysis of the three related initiatives (Best Practices Badge, Security Metrics and Security Scorecards) before deciding on homes for any one of them. This analysis includes understanding the goals, user scenarios, requirements, and technology roadmap across all three. Once we have this understanding, we can then have a more reasoned discussion about what parts live in which working groups. Here is a link to the document where we are capturing this analysis. https://docs.google.com/document/d/1qoCnDW6eo17pZv09P114D07YpgFD45AEB0lgY8ixOyY/edit# Would it help to include members from the best practices group in these discussion to keep everyone on the same page? Most certainly. Kay From: openssf-tac@... <openssf-tac@...> On Behalf Of Dan Lorenc via lists.openssf.org Sent: Monday, October 26, 2020 12:02 PM To: David A. Wheeler <dwheeler@...> Cc: openssf-wg-best-practices@...; openssf-tac@...; openssf-wg-security-threats@...; Michael Dolan <mdolan@...>; Chris Aniszczyk <caniszczyk@...>; Lindsay Gendreau <lmays@...>; Todd Benzies <tbenzies@...> Subject: Re: [openssf-tac] Proposal: OpenSSF TAC to resolve WG "home" for CII Best Practices badge project To circle back here again - in the TAC meeting last week I believe we discussed Kay writing up some of her thoughts on working group scopes before a vote. Kay, will you be able to share that soon? I'm still concerned the TAC hasn't given these working groups a clear answer or set of next steps yet. Dan Lorenc On Mon, Oct 12, 2020 at 11:50 AM David A. Wheeler <dwheeler@...> wrote: On Oct 12, 2020, at 10:57 AM, Dan Lorenc <dlorenc@...> wrote: > > i'm not sure we really reached a concrete plan here in the last TAC meeting. Does anyone have any feedback on my suggestions above? I want to make sure we unblock the decisions and give the WGs and the Badging program a clear path forward. I was at the last TAC meeting. Here’s my understanding of the plan: 1. Each WG will propose its scope; the TAC will review/tweak and eventually approve them. I imagine that will be a key topic on Oct 20. 2. The TAC will revisit the CII Best Practices badge location in its Nov 3 meeting (it will revisit 2-4 weeks after the last one, but since WG scopes will happen first, I don’t expect it to come up until Nov 3): - The hope was that having approved WG scopes (for at least Best Practices and Security Threats/metrics WGs) would make it easier for the TAC to make its decision. The decision might even be obvious from the approved scopes. - If at least one of those two WGs scopes haven’t been approved by then, I expect the TAC would delay until those two WG scopes are approved, & then revisit. Of course, my understanding could be wrong. --- David A. Wheeler
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms