I would put everything in the software transparency area as counting as “Open source security”. They are for closed source as well but I think there is enough effort specific to open source that it would rate inclusion. So the work at https://ntia.gov/page/software-bill-materials which has wound down and now is the work at https://www.cisa.gov/sbom.
I’d include the CSAF/VEX work https://oasis-open.github.io/csaf-documentation/ - again for more than open source but open source is a major focus. Similarly with https://opencybersecurityalliance.org/pace/. In fact I’d widen it to all of OCA (https://opencybersecurityalliance.org/) since all the projects in it are open source security projects.
--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/
One more to add to the list is https://nonprofitcyber.org/ which seems to me to be trying to do the same thing you are.
“Nonprofit Cyber is a coalition of implementation-focused cybersecurity nonprofits to collaborate, work together on projects, voluntarily align activities to minimize duplication and increase mutual support, and link the community to key stakeholders with a shared communication channel”