Reminder: the "Complete Concise Guides (Developing Secure, Evaluating OSS)" will meet August 26, 2-4pm US Eastern Time. See the OpenSSF calendar. The current drafts are here: https://docs.google.com/d

If you're interested in joining the breakout group to complete the two concise guides, please fill out this Doodle poll: https://doodle.com/meeting/participate/id/dwjPlBRb We will work to complete the

FYI: I reordered the items in "Concise Guide for Developing More Secure Software" <https://docs.google.com/document/d/16jUqTEFG-wscZUGR-NGa_3a81GF3YILtH9XgOSkLCTM/edit#> to match the proposed order di

Dear all, If you're interested in participating in the OpenSSF Office hours, please fill in the following form. This time we are aiming at September dates after OSS-EU. In addition to the doodle-like

Team – THANK YOU for all the amazing collab so far. Due to all of YOUR hard work we have reached the next milestone of our efforts – we are now ready to start fleshing out the skeleton of our plan(1),

All, FYI, I just posted an opinion piece (by me) in TEISS titled "The missing ingredient in software security: grassroots education" https://www.teiss.co.uk/news/the-missing-ingredient-in-software-sec

I propose tweaking the "fundamentals" course with text to recommend *not* revealing the presence/absence of email addresses in account creation & password resets. Here's the proposed text: > * If a us

FYI: In the Best Practices badge application ("BadgeApp"), we no longer reveal if a local email address exists when someone tries to create a local account. Details below. Thanks! --- David A. Wheeler

Hello all. Attached is a PDF copy of the WG update I gave today in the TAC. If anyone has any questions or comments, please let me know! Cheers, CRob Director of Security Communications Intel Product

Hello everyone. A reminder to our subproject leads that tomorrow, Tuesday the 9th, our working group is giving a read-out of activities/achievements to the TAC. If you are interested in sharing the am

Team – We have been asked to provide an update to the OSSF TAC about our recent achievements and activities for their 9Aug call. I have started a brief slide deck(1) for that meeting. Can I please get

Hi folks, The OSSF Scorecard team released a beta version of it's GitHub Action - https://github.com/ossf/scorecard-action/releases/tag/v2.0.0-beta.1. The new release adds support for Scorecard GitHub

Hello all, There have been a number of people interested in the OpenSSF Office Hours, thank you! As discussed, here is a doodle poll for the first two sessions of the Office hours, for your availabili

Hello all (cross-posting to both groups as people from both were interested in participating) With the help of some of you, I have been working on the initial plan for the first sessions of the Office

The new Education SIG is trying to do a survey of existing educational materials on "secure development practices, modern code management, deployment methodologies, selecting software components (as a

The "One-page Guide for Developing More Secure Software" is nearing completion! Does anyone have any last-minute proposals/changes? We walked through all high-level comments at the meeting today. Afte

Greetings Open Source Friends – On behalf of the OSSF’s Developer BEST Practices Working Group(1) I am pleased to announce that we will be adopting Stream 1 from the OSSF Mobilization Plan(2) into a n

Working Group Report 24May2022 WG Name: OSS Developer BEST Practices WG Git Repo: https://github.com/ossf/wg-best-practices-os-developers WG Meeting Notes: gdoc WG Lead(s): CRob & Xavier WG Members: 1

OSS Friends – I am pleased to announce that the OSSF’s Developer BEST Practices Working Group has agreed to be stewards of the OpenSSF’s Security Mobilization Plan – Stream 1 (“Deliver Baseline Secure

Hi all, As some of you may know we're keen to expand the international side of OpenSSF, and have a few team members in the APAC region focused on bridging what are language, national firewall, and tim