Skip to content

SBOMit/tac

 
 

Repository files navigation

OpenSSF Technical Advisory Council (TAC)

The OpenSSF Technical Advisory Council is responsible for oversight of the various Technical Initiatives of the OpenSSF.

Get Involved

Official communications occur on the TAC mailing list. Manage your subscriptions to Open SSF mailing lists.

Informal discussions occur in the TAC channel of the OpenSSF Slack. To join, use the following invite link.

Use GitHub Issues to request and discuss agenda items.

If you need support in any part of the process, please email [email protected].

Meetings

The TAC meetings minutes are online and appear on the OpenSSF Community Calendar.

Meetings are also recorded and posted to the OpenSSF YouTube channel.

TAC Members

Name Position Email Organization Term
Arnaud J Le Hors Vice Chair [email protected] IBM April 2023 - March 2024*
Bob Callaway [email protected] Google April 2023 - March 2024
CRob Robinson Chair [email protected] Intel April 2023 - March 2024*
Dan Lorenc [email protected] Chainguard April 2023 - March 2024
Dustin Ingram [email protected] Google April 2023 - March 2024
Michael Lieberman [email protected] Kusari July 2023 - March 2024
Zach Steindler [email protected] GitHub April 2023 - March 2024*

NOTE: * marked entries denote OpenSSF Governing Board appointed members, others are community elected.

Charter

The TAC is chartered as part of the Open Source Security Foundation Charter.

Technical Initiatives

The following Technical Initiatives have been approved by the TAC:

Working Groups

Name Repository Notes Status
Vulnerability Disclosures https://github.com/ossf/wg-vulnerability-disclosures Meeting Notes Incubating
Security Tooling https://github.com/ossf/wg-security-tooling Meeting Notes Incubating
Security Best Practices https://github.com/ossf/wg-best-practices-os-developers Meeting Notes Incubating
Identifying Security Threats https://github.com/ossf/wg-identifying-security-threats Meeting Notes Incubating
Securing Critical Projects https://github.com/ossf/wg-securing-critical-projects Meeting Notes Incubating
Supply Chain Integrity https://github.com/ossf/wg-supply-chain-integrity Meeting Notes Incubating
Securing Software Repositories https://github.com/ossf/wg-securing-software-repos Meeting Notes Incubating
End Users https://github.com/ossf/wg-endusers Meeting Notes Incubating

Overview Diagrams

Diagrams with an overview of the OpenSSF, including its projects and SIGs, are available in the presentation OpenSSF Introduction (including Diagrammers’ Society diagrams) as created and maintained by the OpenSSF Diagrammer's Society.

Projects

Name Repository/Home Page Notes Sponsoring Org Status
Allstar https://github.com/ossf/allstar Meeting Notes Securing Critical Projects WG TBD
Best Practices Badge https://github.com/coreinfrastructure/best-practices-badge Mailing list Best Practices WG TBD
Criticality Score https://github.com/ossf/criticality_score Meeting Notes Securing Critical Projects WG TBD
Fuzz Introspector https://github.com/ossf/fuzz-introspector Meeting Notes Security Tooling WG TBD
gittuf https://github.com/gittuf/gittuf TBD Supply Chain Integrity WG Sandbox
OSV Schema https://github.com/ossf/osv-schema Meeting Notes Vulnerability Disclosures WG TBD
Package Analysis https://github.com/ossf/package-analysis Meeting Notes Securing Critical Projects WG TBD
Package Feeds https://github.com/ossf/package-feeds Meeting Notes Securing Critical Projects WG TBD
Repository Service for TUF https://github.com/vmware/repository-service-tuf Meeting Notes Securing Software Repositories WG Sandbox
SBOMit https://github.com/sbomit Meeting Notes Security Tooling WG Sandbox
Scorecard https://github.com/ossf/scorecard Meeting Notes Best Practices WG TBD
Security Insights Spec https://github.com/ossf/security-insights-spec Meeting Notes Identifying Security Threats WG TBD
Security Metrics https://github.com/ossf/Project-Security-Metrics Meeting Notes Identifying Security Threats WG TBD
Sigstore https://github.com/sigstore Meeting Notes OpenSSF TAC TBD
SLSA Tooling https://github.com/ossf/wg-supply-chain-integrity/blob/main/slsa-tooling.md Meeting Notes Supply Chain Integrity WG TBD

OpenSSF affiliated projects

Name Repository Notes Status
Core Toolchain Infrastructure Coming Soon TBD TBD
Alpha Omega https://github.com/ossf/alpha-omega TBD TBD

Antitrust Policy

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Releases

No releases published

Packages

No packages published