All: We recently passed the deadline for content submission on the “Guide to coordinated vulnerability disclosure for open source software projects”: https://github.com/ossf/oss-vulnerability-guide Ho

I’m +1 on cancelling (or rescheduling) the mtg set to occur on Labor Day given the amount of US-based contributors to this group. However, I believe it is on not the 12th but the 6th (there appears to

Hey team – it is Labor Day here in the States next Monday. Our next call was to be then, but I’m wondering if we need to change that plan. We can cancel the call for next week, try to reschedule it, o

Group – a group of us got together to review the latest batch of comments on our group project today. We’d invite the group to review our “Guide to implementing a coordinated vulnerability disclosure

Hello OpenSSFer’s! My name is CRob and I’m the working group lead for the Vulnerability Disclosures working group in the OpenSSF(1). We are very fortune to have arranged to have folks from the CVE pro

Hey team – I’ve been talking with the CVE folks about attending our call. Sadly we can’t muster more than one for the proposed July 26th date. We’ve agreed that they should be able to have better repr

Hi all, In the vulnerability disclosure whitepaper, there will be a section that gives recommendations for how OSS maintainers should set up and manage a coordinated disclosure process. Since we will

FYI: Kurt Seifried just posted an article titled "The future of DWF”: https://opensourcesecurity.io/2021/07/15/the-future-of-dwf/ It looks like they’re dissolving the DWF, and working with the Cloud S

Hey Team – for those of us collab'ing on our whitepaper project(1), the group decided to set a date for ourselves to get the first draft all wrapped up and ready to go! We’re looking to have all contr

Adding to this great list by David (I’ll also have additional comments later) – I’d love to see a standardization of what an inbound-to-vendor/project bug report contains, such that vendors get good a

Hey team – folks from the CVE Board and program have offered to come to a future call with us to share updates to the program and get our feedback and suggestions. I think it’ll be important for us to

Hey all! Those of us who popped into the call today just wanted to remind ourselves (and everyone else) the current main project is working on the white paper (see notes from 5-3 https://github.com/os

Hey Team! As you may guess from the change in my email address, I went through a change in jobs recently. New jobs bring new meetings and calendar challenges. I very much want to continue working with

Congratulations on your new role! 11am Pacific (2pm ET) is a yes from me 6/7am Pacific (9/10am ET) are a no (time conflict) Cheers Jennifer Jennifer Fernick (she/her) SVP & Global Head of Research NCC

Team - I've sent out two Doodle polls to see about finding a time to talk about the Challenges and Approaches sections of our whitepaper project. Please consider voting on times and joining us in thes

Hi all, Per the working group meeting today, this is the coordinated vulnerability disclosure for OSS projects guide[1] that was published last month. It's intended to be a decently opinionated resour

The OpenSSF community has been working fast and furious since its formation last year to improve the security of the open source ecosystem. We all know this is no small mission and so we’re taking a m

Hi! A bunch of details about the next WG meeting on Monday: Time Monday February 8th, 2021 4:00 PM GMT / 8:00 AM Pacific Links Zoom link: https://zoom.us/j/93780393562?pwd=ZzNmYjg4Y1JHREtWNnNCUUZIVXlK

Hi, I will not be able to attend to facilitate the meeting, and I got no feedback that there is interest in holding the meeting today. I cancelled the meeting today and will work on setting up the nex

Hi! A bunch of details about the next WG meeting on Monday: Time Monday January 11th, 2021 4:00 PM GMT / 8:00 AM Pacific Links Zoom link: https://zoom.us/j/99945119899?pwd=WWl6V3dmaGMrWC9RYlp2ZWtPVDJV