Hello team – this is the second request to gather a quorum of votes to accept or deny the request to adopt the Memory Safety SIG as part of our working group. We’ve had five eligible working group mem

Team – We have opened an issue(1) for WG members(2) to vote on the potential for our WG to adopt a new SIG aligned with the Mobilization Plan (stream 4) around Memory Safety. Please ask questions, mak

The team behind the forming Memory Safety SIG would like to present its proposed agenda, get feedback from the community members and to be considered as a SIG under the BEST working group, at the next

All: FYI. Endor Labs released on 2023-03-01 a document titled "The Top 10 Open Source Software (OSS) Risks". Their page says that they "teamed up with over 20 CISOs and CTOs to identify the top 10 sec

Hello TAC-friends! On our next call the BEST WG will be reporting out on our current and upcoming activities. To that end, we’re providing our report(1) today as a pre—read for you all. We’re looking

Fam – Below details the steps that will be taken this year to elect the 2023-2024 TAC for the OpenSSF. Anyone interested in participating, details to register to vote, details about the TAC self-nomin

I have a proposed modification to the "Concise Guide to Evaluating OSS". The primary change I propose is that *you* don't have to evaluate code, you could hire someone else, read reviews by others, et

All – to anyone interested, we are assembling a focused group to collaborate on the C/C++ Compiler BP Guide! We will be meeting Wednesdays from 9am EST / 1400 UTC starting on 15Feb and meeting every o

Team – I’ve created a doodle poll to try and find a common time to assemble and collaborate on our C/C++ Compiler Flag guide(2). Please share this with anyone you feel would add value to our group and

Anyone interested in working on a source code management best practices guide is welcome to join us every other Wednesday from 10-11am EST starting this week. We’ll spend some time organizing ourselve

TAC – The OSSF’s EDU.SIG team has finished our “final” draft of our revisions to the Mobilization Plan Stream 1. The relevant links and details about the plan can be found in TAC Issue #134 (1). We’d

Team – With one of my other working groups, we’ve had a request to set up calls that allow folks from APAC to participate. Would this group be interested and open to participating in such an endeavor

BEST Working Group – We’ve set up a poll to find a time to collaborate on our next project, a Source Code Management Best Practices guide. Please vote(1) for times you are available if you desire to h

FYI, We will not be having the scheduled Collect & Curate Content EDU.SIG meeting this Thursday. Thanks! Dave -- Dave Russo Senior Principal Program Manager, Secure Development Red Hat Product Securit

Hello all – The DEI subcommittee would LOVE your opinion on a bi-weekly meeting time that works out for the majority of folks who would like to join us in our focused efforts to move forward to addres

Team – we’ve had numerous members express interest in devoting time to collaborating specifically on our Diversity, Equity, and Inclusion goals for the SIG. If you wish to join in the conversation and

EDU.SIG & BEST WG members – the EDU.SIG has completed our work on the next draft of the Education plan that we desire to share with the TAC in early 2023. Please take some time and read through the pl

Team – please review Issue 103(1) and review our WG Charter and express your vote so we can close this matter. Thanks all! - https://github.com/ossf/wg-best-practices-os-developers/issues/103 Cheers,

All, FYI: GitHub now supports private reporting of security vulnerabilities to projects! This is a big deal. Details here: https://docs.github.com/en/code-security/security-advisories/guidance-on-repo

Subject: [OpenSSF] The US Securing Open Source Software Act of 2022 is a step in the right direction Good day from Singapore, I have just come across this article. Sharing it for more awareness. Artic