[RFC] Focus Group to finalize CVD guide text doodle poll 2 messages
Hey team. Our new target for delivery of the Finder CVD guide(1) is 6Sept. That means we need to get the text wrapped up so we can get help from the LF copyeditors around 31Aug. To that end, we’re goi
By CRob Robinson (Intel)

Availability for Working Session on Reporter Guide
Hi everyone, In today's meeting, we decided that our goal date to complete the OSS Coordinated Disclosure Guide for Finders is August 31 (21 days away!) so that LF editors can finalize the doc before
By Madison Oliver

What to do about the August 10 call? 6 messages
Hello, all! During the call today, Madison made the helpful observation that our next call (August 10) lands during Black Hat/DEFCON, so many people may not be available. How would we like to handle
By VM (Vicky) Brasseur

[openssf-sig-osssirt] [RFC] Security Advisory Template.md 2 messages
Sorry for the mis-posting, this was directed at +openssf-wg-vul-disclosures@... , as a follow-up to the meeting yesterday. -- Francis Perron Open Source Security @ Google LLC
By Francis Perron

[FYI] OSS-SIRT SIG kickoff - 5July2022
Greetings Open Source Friends – On behalf of the OSSF’s Vulnerability Disclosure Working Group(1) I am pleased to announce that we will be adopting Stream 5 and parts of Stream 6 from the OSSF Mobiliz
By CRob Robinson (Intel)

[AR] Vuln Disclosure WG SIG(s) to address Stream 5 & 6 - Please vote by 10June2022 4 messages
ACTION REQUIRED BY EoD 10JUNE2022 Team – If you are interested in collaborating on further developing the plan laid out by the OSSF(1) please fill out the doodle(2) below to let us know your intereste
By CRob Robinson (Intel)

[DECISION] RE: [AR] WG VOTE - to meme or not to meme? DUE EoD 3June2022
The voting has concluded. Out of those that expressed a preference, 4 of the group voted to remove the memes, and 1 voted to keep them. Several others expressed opinions but did not come down on the b
By CRob Robinson (Intel)

Propose the new researcher CDG to Scored? 2 messages
Someone in one of the Slack channels posted a link to this ACM conference today: https://scored.dev It’s the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED '22)
By VM (Vicky) Brasseur

[AR] WG VOTE - to meme or not to meme? DUE EoD 3June2022 6 messages
Please respond to the list by EoD 3June2022 so your vote can be tallied Team – In our current CVD Guide for Finders working with OSS maintainers project(1) we currently have several memes and gifs app
By CRob Robinson (Intel)

[FYI] May update for Vuln Disclosures WG for TAC
Working Group Report 24May2022 WG Name: Vulnerability Disclosures WG Git Repo: https://github.com/ossf/wg-vulnerability-disclosures WG Meeting Notes: gdoc WG Lead(s): CRob WG Members: 16 regular atten
By CRob Robinson (Intel)

[RFA] Homework for our next call - Please review OSSF "The Open Source Software Security Mobilization Plan" streams 5 & 6
Team, please review <SUBJECT> for our next team call so we can provide suggestions on the plan and if we feel this should exist within our Working Group. Provided we decide to move forward, we’ll setu
By CRob Robinson (Intel)

[RFC] OSSF WH OS Summit II proposal - Vuln Disclosure
Hey team – I was fortunate to be involved in the recent Summit in DC around improving OSS security. Unsurprisingly, there are some items in the plan that are heavily related to our work. I’d love to t
By CRob Robinson (Intel)

Unveiling the Researcher CVD Guide…? 3 messages
While discussing the new CVD guide during today's meeting, we were wondering about the target to release/unveil this at BlackHat in August. Specifically, the BlackHat CFP has closed. Did anyone propos
By VM (Vicky) Brasseur

REMINDER - New Group Call date/time - 20April2022 11am EST
Team – just a reminder that by popular demand, our regularly scheduled meeting time has changed. Starting this upcoming Wednesday, we will be meeting fortnightly at 11am EST. Looking forward to seeing
By CRob Robinson (Intel)

Speak at Global Security Vulnerability Summit @ Open Source Summit NA, June 21-24 - Austin, TX | Deadline is April 1
Just FYI! -------- Forwarded Message -------- Subject: Speak at Global Security Vulnerability Summit @ Open Source Summit NA, June 21-24 - Austin, TX | Deadline is April 1 Date: Wed, 30 Mar 2022 15:24
By Brian Behlendorf

[RFC] Feedback needed from 21March WG Call 4 messages
Hey there team! A few items I’m following up on from our call yesterday (I got it down to one email instead of many!): Review of WG Charter We’d like feedback on the working group charter and official
By CRob Robinson (Intel)

Meeting time for this working group - 4PM GMT or 4PM EST? 3 messages
Dear all, I was looking forward to the OpenSSF Vulnerability Disclosures Working Group meeting today, and joined what appears to be the appropriate Zoom room. However, nobody is there currently - coul
By Sebastian Crane

[FYI] Upcoming call on OSS Security Maturity Models 2March2022
Hi teams – Just as a reminder, Wednesday at 10am EST we’ll be meeting with several folks from sig.eu to discuss open source software security models. If you are interested, please join us at the link b
By CRob Robinson (Intel)

[RFC] Questions regarding the OSSF Vuln Disclosure working group? 2 messages
Hi Oliver. My name is CRob and I’m the working group lead for the OpenSSF’s Vulnerability Disclosure working group. Nice to virtually meet you. I got your contact today during the OSSF’s Technical Adv
By CRob Robinson (Intel)

[RFC] 21Feb Working Group call? 2 messages
Hello everyone. Our next regularly scheduled call will be 21Feb. That day also happens to be a US holiday, where many members may not be working that day. Do we wish to still meet or defer until 7Apri
By CRob Robinson (Intel)