Alpha will be collaborative in nature, targeting and evaluating the most critical open source projects to help them improve their security postures. These projects will include standalone projects and core ecosystem services. They will be selected based on the work by the OpenSSF Securing Critical Projects working group using a combination of expert opinions and data, including the OpenSSF Criticality Score and Harvard’s “Census” analysis identifying critical open source software.

For these selected projects, Alpha team members will provide tailored help to understand and address security gaps. Help can include threat modeling, automated security testing, source code audits, and support remediating vulnerabilities that are discovered. It can also include implementing best practices drawn from criteria outlined by the OpenSSF Scorecard and Best Practices Badge projects.

Alpha will track a series of important metrics providing stakeholders with a better understanding of the security of the open source project they depend on. The public will receive a transparent, standardized view of the project’s security posture and compliance with security best practices.

What is the engagement model for the public? How can individuals get involved?

For now, the best way for the public to engage is through the OpenSSF working groups. In particular the Securing Critical Projects, Best Practices for OSS Developers, and Vulnerability Disclosures groups. We will also be hosting a monthly public meeting on the first Wednesday of each month. Please direct colleagues from your organizations to the working groups. If you’re interested in helping fund Alpha-Omega please contact us directly at.