Respond before deadline: Determine reoccurring time for openvex sig call
By Doodle
The invite closes soon. Get your response in before the deadline Hi openssf-wg-vul-disclosures@..., The deadline is approaching to respond to the invite for Determine reoccurring time for openvex sig c

Additional Vulnerability Disclosure WG Meeting Today
By Jonathan Leitschuh
Hi All, Last week an additional Vulnerability Disclosure WG Meeting was added to the calendar for today at 11:00 am EST. The goal of this meeting is to discuss the proposed OSSF Vulnerability Disclosu

Invite: Determine reoccurring time for openvex sig call
By Doodle
What times work for you? Hi, CRob (christopher.robinson@) has invited you to respond to their event, "Determine reoccurring time for openvex sig call." Let them know what's the best time for you. Pleas

[For Review] Draft Proposal: Open Source Security Foundation Vulnerability Disclosure Policy
2 messages
By Jonathan Leitschuh
Hi All, Please take a look at the Draft Proposal: Open Source Security Foundation Vulnerability Disclosure Policy IMPORTANT: This policy is not about how OpenSSF handles vulnerabilities reported to us

VOTE - Adopt OpenVEX as project within the OpenSSF under Vuln Disclosure Working Group (WG) - DUE BY 22March2023
By CRob Robinson (Intel)
Team – We’ve had a great series of interactions with the Dan’s from Chainguard about their upstream work on VEX & the OpenVEX project over the last month or more. To that end, there is the potential

Proposal: Specification: OpenSSF Compliant Automated Vulnerability Fix Campaign
By Jonathan Leitschuh
Hi All, The document below is a proposed specification for defining what is an "OpenSSF Compliant Automated Vulnerability Fix Campaign". This is something being worked on under the Vulnerability Disclo

[FYI] 2023 TAC & SCIR election process
By CRob Robinson (Intel)
Fam – Below details the steps that will be taken this year to elect the 2023-2024 TAC for the OpenSSF. Anyone interested in participating, details to register to vote, details about the TAC self-nomin

[New Sub Working Group] Automated Vulnerability Disclosures
12 messages
By Jonathan Leitschuh
Hi All, We are establishing a sub-working group under this WG regarding automating vulnerability finding/fixing and reporting at-scale across OSS. The initial proposal for the sub working group can be

[RFC] Call for Agenda topics - 26Jan2023 APAC Vuln Disc WG call
By CRob Robinson (Intel)
Hey there friends! We’re kicking off a new call series, as you may have heard, to allow us to better collaborate with folks in AU/APAC. To that end, if anyone has any topics they’d like to discuss in

[FYI] New Monthly APAC-friendly WG call
By CRob Robinson (Intel)
By popular demand, we are adding an additional call each month to collaborate with our friends in APAC around Vulnerability Disclosure good practices. There is a new calendar event in the community ca

[RFI] Doodle Poll to find APAC-friendly time to hold monthly call
By CRob Robinson (Intel)
We’re seeking to find a good time to meet up and include our friends from APAC TZs. If you are interested and able to join us, please vote in our poll(1) by 13Jan2023 5pm EST so we can set up meetings

[FYI] - Article - "CVE/NVD doesn't work for open source and supply chain security"
2 messages
By CRob Robinson (Intel)
Very much on topic for our working group, I came across this article the other day that speaks to things near and dear to my (and many others') heart(s). Take a few minutes to read this article and thi

[RFC] Vote to adopt WG Charter (or provide needed feedback to make it acceptable)
By CRob Robinson (Intel)
Team – Please review Issue 120(1) that speaks to reviewing and voting to approve our WG Charter. We’d love your feedback if changes are needed and then for you to express if we adopt it or refuse it u

FYI: GitHub now supports private vulnerability reporting!!!
2 messages
By David A. Wheeler
All, FYI: GitHub now supports private reporting of security vulnerabilities to projects! This is a big deal. Details here: https://docs.github.com/en/code-security/security-advisories/guidance-on-repo

[RFC] OSS-SIRT Plan Revisions ready for review & comments - DUE BY 2DEC2022
By CRob Robinson (Intel)
SIG & friends – The OSS-SIRT SIG has been working since summer to revise the initial OpenSSF’s Mobilization Plan(1) Stream 5. We are pleased to announce that our work is nearly complete and we are see

[OpenSSF] The US Securing Open Source Software Act of 2022 is a step in the right direction
By Turritopsis Dohrnii Teo En Ming
Subject: [OpenSSF] The US Securing Open Source Software Act of 2022 is a step in the right direction Good day from Singapore, I have just come across this article. Sharing it for more awareness. Artic

[RFC] Please express your opinions on next projects for the group
By CRob Robinson (Intel)
Hello group! During our WG call this week we talked about three possible next projects for the group (listed below). Please take some time before our next call and review each and provide any thoughts

Housekeeping FYIs - Holiday Calendars and Slack Apps
By Jory Burson (PM, LF)
Hi all, As discussed on the TAC call yesterday, just a quick note to share that: We will be cancelling all OpenSSF meetings during the holiday periods of Nov. 24-25 and Dec. 26-30. Please let us know

[Action Requested] Steps to be credited as a WG Member in LFX Platform
By Jory Burson (PM, LF)
Hello! OpenSSF Staff are undertaking an effort to provide better data and reporting to our community in a number of different ways. One of these ways is to gauge Working Group and committee participat

[FYI] CVD Guide for Finders .01 now live in OSSF Github!
By CRob Robinson (Intel)
Hello everyone. The Vuln Disclosure WG is pleased to announce that the .01 version of our Coordinated disclosure guide for Finders working with OSS maintainers(1) has been published! We’ll be part of