The invite closes soon. Get your response in before the deadline Hi openssf-wg-vul-disclosures@..., The deadline is approaching to respond to the invite for Determine reoccuring time for openvex sig c

Hi All, Last week an additional Vulnerability Disclosure WG Meeting was added to the calendar for today at 11:00 am EST. The goal of this meeting is to discuss the proposed OSSF Vulnerability Disclosu

What times work for you? Hi, CRob (christopher.robinson@) has invited you to respond to their event, "Determine reoccuring time for openvex sig call." Let them know what's the best time for you. Pleas

Hi All, Please take a look at the Draft Proposal: Open Source Security Foundation Vulnerability Disclosure Policy IMPORTANT: This policy is not about how OpenSSF handles vulnerabilities reported to us

Team – We’ve had a great series of interactions with the Dan’s from Chainguard about their upstream work on VEX & the OpenVEX project over that last month or more. To that end, there is the potential

Hi All, The document below is a proposed specification for defining what is a "OpenSSF Compliant Automated Vulnerability Fix Campaign". This is something being worked on under the Vulnerability Disclo

Fam – Below details the steps that will be taken this year to elect the 2023-2024 TAC for the OpenSSF. Anyone interested in participating, details to register to vote, details about the TAC self-nomin

Hi All, We are establishing a sub-working group under this WG regarding automating vulnerability finding/fixing and reporting at-scale across OSS. The initial proposal for the sub working group can be

Hey there friends! We’re kicking off a new call series, as you may have heard, to allow us to better collaborate with folks in AU/APAC. To that end, if anyone has any topics they’d like to discuss in

By popular demand, we are adding an additional call each month to collaborate with our friends in APAC around Vulnerability Disclosure good practices. There is a new calendar event in the community ca

We’re seeking to find a good time to meet up and include our friends from APAC TZs. If you are interested and able to join us, please vote in our poll(1) by 13Jan2023 5pm EST so we can setup meetings

Very much on topic for our working group, I came across this article the other day that speaks to things near and dear to my (and many others) heart(s). Take a few minutes to read this article and thi

Team – Please review Issue 120(1) that speaks to reviewing and voting to approve our WG Charter. We’d love your feedback if changes are needed and then for you to express if we adopt it or refuse it u

All, FYI: GitHub now supports private reporting of security vulnerabilities to projects! This is a big deal. Details here: https://docs.github.com/en/code-security/security-advisories/guidance-on-repo

SIG & friends – The OSS-SIRT SIG has been working since summer to revise the initial OpenSSF’s Mobilization Plan(1) Stream 5. We are pleased to announce that our work is nearly complete and we are see

Subject: [OpenSSF] The US Securing Open Source Software Act of 2022 is a step in the right direction Good day from Singapore, I have just come across this article. Sharing it for more awareness. Artic

Hello group! During our WG call this week we talked about three possible next projects for the group (listed below). Please take some time before out next call and review each and provide any thoughts

Hi all, As discussed on the TAC call yesterday, just a quick note to share that: We will be cancelling all OpenSSF meetings during the holiday periods of Nov. 24-25 and Dec. 26-30. Please let us know

Hello! OpenSSF Staff are undertaking an effort to provide better data and reporting to our community in a number of different ways. One of these ways is to gauge Working Group and committee participat

Hello everyone. The Vuln Disclosure WG is pleased to announce that the .01 version of our Coordinated disclosure guide for Finders working with OSS maintainers(1) has been published! We’ll be part of