Hey team. Our new target for delivery of the Finder CVD guide(1) is 6Sept. That means we need to get the text wrapped up so we can get help from the LF copyeditors around 31Aug. To that end, we’re goi

Hi everyone, In today's meeting, we decided that our goal date to complete the OSS Coordinated Disclosure Guide for Finders is August 31 (21 days away!) so that LF editors can finalize the doc before

Hello, all! During the call today, Madison made the helpful observation that our next call (August 10) lands during Black Hat/DEFCON, so many people may not be available. How would we like the handle

Sorry for the mis-posting, this was directed at +openssf-wg-vul-disclosures@... , as a follow-up to the meeting yesterday.-- Francis Perron Open Source Security @ Google LLC

Greetings Open Source Friends – On behalf of the OSSF’s Vulnerability Disclosure Working Group(1) I am pleased to announce that we will be adopting Stream 5 and parts of Stream 6 from the OSSF Mobiliz

ACTION REQUIRED BY EoD 10JUNE2022 Team – If you are interested in collaborating on further developing the plan laid out by the OSSF(1) please fill out the doodle(2) below to let us know your intereste

The voting has concluded. Out of those that expressed a preference, 4 of the group voted to remove the memes, and 1 voted to keep them. Several others expressed opinions but did not come down on the b

Someone in one of the slack channel posted a link to this ACM conference today: https://scored.dev It’s the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED '22)

Please respond to the list by EoD 3June2022 so your vote can be tallied Team – In our current CVD Guide for Finders working with OSS maintainers project(1) we currently have several memes and gifs app

Working Group Report 24May2022 WG Name: Vulnerability Disclosures WG Git Repo: https://github.com/ossf/wg-vulnerability-disclosures WG Meeting Notes: gdoc WG Lead(s): CRob WG Members: 16 regular atten

Team, please review <SUBJECT> for our next team call so we can provide suggestions on the plan and if we feel this should exist within our Working Group. Provided we decide to move forward, we’ll setu

Hey team – I was fortunate to be involved in the recent Summit in DC around improving OSS security. Unsurprisingly, there are some items in the plan that are heavily related to our work. I’d love to t

While discussing the new CVD guide during today's meeting, we were wondering about the target to release/unveil this at BlackHat in August. Specifically, the BlackHat CFP has closed. Did anyone propos

Team – just a reminder that my popular demand, our regularly scheduled meeting time has changed. Starting this upcoming Wednesday, we will be meeting fortnightly at 11am EST. Looking forward to seeing

Just FYI! -------- Forwarded Message -------- Subject: Speak at Global Security Vulnerability Summit @ Open Source Summit NA, June 21-24 - Austin, TX | Deadline is April 1 Date: Wed, 30 Mar 2022 15:24

Hey there team! A few items I’m following up on from our call yesterday (I got it down to one email instead of many!): Review of WG Charter We’d like feedback on the working group charter and official

Dear all, I was looking forward to the OpenSSF Vulnerability Disclosures Working Group meeting today, and joined what appears to be the appropriate Zoom room. However, nobody is there currently - coul

Hi teams – Just as a reminder, Wednesday at 10am EST we’ll be meeting with several folks from sig.eu to discuss open source software security models. If you are interested, please join us a the link b

Hi Oliver. My name is CRob and I’m the working group lead for the OpenSSF’s Vulnerability Disclosure working group. Nice to virtually meet you. I got your contact today during the OSSF’s Technical Adv

Hello everyone. Our next regularly scheduled call will be 21Feb. That day also happens to be a US holiday, where many members may not be working that day. Do we wish to still meet or defer until 7Apri