Comms for SLSA 1.0 — let's plan

[Isaac Hepworth]

Hello SLSA friends.

As we approach the 1.0 Stable release of the SLSA specification in the coming month, we have some joined-up comms to plan.

I expect we're going to want a blog post on openssf.org announcing and celebrating the milestone. I expect Chainguard will want to post something on its own blog; I expect Google will want to as well. Perhaps VMWare too? @Joshua Lock, you might know. IBM also, @Melba Lopez?

We'll likely want some press pre-briefing, too, using the OpenSSF blog post as its center of gravity. Social stuff as well.

In any case I wanted to make sure that the right folks are in touch with each other in order to make a proper plan. @Scott Westover here on cc will be leading comms from Google's side. @Jennifer Bly, am I right in thinking that you'll be leading from OpenSSF? Who else should be involved?

I'd happily draft a first pass at a comms plan, and share it with the group and community, but there may be others better placed to take the lead on that. Possibly much of this is already in motion! In which case, I'd just like to ask that Scott be included :)

Thanks,

Isaac

[Michael Lieberman]

Kusari has stuff planned as well. For planning, you can just include me.

--
You received this message because you are subscribed to the Google Groups "slsa-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to slsa-discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAMYDBzEg81Z4-YXY1LBcxdfb9nBvr9M4bwXW_EVyF48Wwp9NCg%40mail.gmail.com.

[Tracy Miranda]

Thanks Isaac.

Chainguard definitely want to help spread the word far and wide! 

Leading comms for Chainguard will be @Kaylin Trychon & @Sarah O'Rourke 

Thanks,

Tracy

On Tue, Mar 7, 2023 at 11:32 AM 'Isaac Hepworth' via slsa-discussion <slsa-di...@googlegroups.com> wrote:

--

[Isaac Hepworth]

I think a kick-off meeting would be a great idea. Perhaps we begin with folks who're on the critical path here:

- Jennifer (OpenSSF)

- Kaylin and Sarah (Chainguard)

- Scott (Google)

- Michael (Kusari)

- any others who want to make themselves known on this thread

I'd suggest that the small group gather to produce a draft 1.0 comms plan and share it out with the community for feedback.

Thank you!

Isaac

On Tue, Mar 7, 2023 at 9:50 AM Jennifer Bly <jb...@linuxfoundation.org> wrote:

Thanks for getting this thread started! Yes, I will be running point from OpenSSF. We will also want to bring in others as we begin planning - for example, our PR firm for pitching, etc. Perhaps we should have a meeting to discuss this further?

Best,

Jennifer

--

Jennifer Bly

Sr. Marketing & Communications Manager

OpenSSF  | The Linux Foundation

https://openssf.org/

[Jennifer Bly]

Thanks for getting this thread started! Yes, I will be running point from OpenSSF. We will also want to bring in others as we begin planning - for example, our PR firm for pitching, etc. Perhaps we should have a meeting to discuss this further?

Best,

Jennifer

On Tue, Mar 7, 2023 at 11:45 AM Michael Lieberman <mliebe...@gmail.com> wrote:

[Scott Westover]

Adding Sarah and Kaylin back in cause I think the thread forked, and also Kim who leads central security PR for Google. 

A meeting to kick off our outreach plans sounds great! 

[Jennifer Bly]

+1! Also including @Brian Behlendorf and @OpenS...@speakeasystrategies.com (our PR firm) to join as they are able.

Best,

Jennifer

[Claudia Ring]

I would love to join, we will be covering all the SLSA updates as well!

Claudia

[Melba Lopez]

I’m interested in partaking!  Copying my peer @Jeffrey Borek who knows the right path to take inside of IBM for things like this.  @Jeffrey Borek we can start working internally (starting tomorrow) to figure out how to make this happen on our open-source blog we have on ibm.com

 

I’m traveling this week so I’m on and off the computer a lot (don’t have a lot of access to Slack).  Feel free to send over a calendar invite and I’ll be crossing fingers that I can attend!

 

What about adding Microsoft/RedHat?  I know they’ve been in many of the discussions and Jay/Laura have been helping a lot with SLSA positioning.    

 

Melba Lopez

STSM, Supply Chain Security

E-mail: Melba...@ibm.com

Phone: (512) 850-9511

 

My working hours may not be your working hours! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.

 

 

From: Jennifer Bly <jb...@linuxfoundation.org>
Date: Tuesday, March 7, 2023 at 12:53 PM
To: Scott Westover <westov...@google.com>, Brian Behlendorf <bbehl...@linuxfoundation.org>, OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>
Cc: Isaac Hepworth <isa...@google.com>, Michael Lieberman <mliebe...@gmail.com>, Joshua Lock <jl...@vmware.com>, Melba Lopez <Melba...@ibm.com>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>, kay...@chainguard.dev <kay...@chainguard.dev>, soro...@chainguard.dev <soro...@chainguard.dev>, Kimberly Samra <kimber...@google.com>
Subject: [EXTERNAL] Re: Comms for SLSA 1.0 — let's plan

+1! Also including @Brian Behlendorf and @OpenSSF_PR@ speakeasystrategies. com (our PR firm) to join as they are able. Best, Jennifer On Tue, Mar 7, 2023 at 1: 08 PM Scott Westover <westoverscott@ google. com> wrote: Adding Sarah and Kaylin

ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd

[Bruno Domingues]

Hi, I am also interested in working on it from Intel's side. I will engage with Intel's PR and let me know how are you planning to coordinate

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/MW4PR15MB4555AEB6A4B4C9AE1D8E170BF6B49%40MW4PR15MB4555.namprd15.prod.outlook.com.

[Brian Behlendorf]

Hi all! I'm excited to see this released - SLSA is a pillar of the OpenSSF community and will play a key part in the more integrated-architecture picture we hope to paint over the next year.

I am not in a position to answer this question for myself at the moment, but I trust that the Community Spec protocol was followed rigorously and there is a clear vote to accept this document as 1.0 final. Some references:
https://github.com/slsa-framework/governance/blob/main/5._Governance.md 
(https://github.com/slsa-framework/governance/blob/main/5._Governance.md#4-specification-development-process

I want to make sure not only is this a clear consensus product but that we also have no barriers to submitting this to standards bodies like ISO as a PAS, as the LF did with SPDX. I don't know if you have any plans to do that soon; if so it may be worth sharing them in this release. Or, other plans for next steps... Is there a 1.1 in the works, that sort of thing.

Finally and again probably stating something that's already been said, but the more we can get testimonials not just from the direct participants (be sure and reflect the range of participants as well) and large companies but also from end users and start ups who can share how they're using it. Jennifer Blu can lead collecting those and getting sign-offs, but we need to get connected to those orgs and you likely know them better than we do.

It would be helpful to draft some other collateral here if it's not already been done, for both business/PM style audiences and Dec audiences, so that any new traffic generated from the buzz can get connected in to the right place to participate. OpenSSF staff can help here but let us know.

So exciting!

Brian

[Melba Lopez]

Yes yes!! Didn’t mean to forget about Intel!  I know you and Marcela have been working on the spec/positioning side too!

 

Melba Lopez

STSM, Supply Chain Security

E-mail: Melba...@ibm.com

Phone: (512) 850-9511

 

My working hours may not be your working hours! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.

 

 

From: Bruno Domingues <brun...@gmail.com>
Date: Tuesday, March 7, 2023 at 7:12 PM
To: Melba Lopez <Melba...@ibm.com>
Cc: Jennifer Bly <jb...@linuxfoundation.org>, Scott Westover <westov...@google.com>, Brian Behlendorf <bbehl...@linuxfoundation.org>, OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>, Isaac Hepworth <isa...@google.com>, Michael Lieberman <mliebe...@gmail.com>, Joshua Lock <jl...@vmware.com>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>, kay...@chainguard.dev <kay...@chainguard.dev>, soro...@chainguard.dev <soro...@chainguard.dev>, Kimberly Samra <kimber...@google.com>, Jeffrey Borek <jbo...@us.ibm.com>
Subject: [EXTERNAL] Re: Comms for SLSA 1.0 — let's plan

Hi, I am also interested in working on it from Intel's side. I will engage with Intel's PR and let me know how are you planning to coordinate On Tue, Mar 7, 2023 at 4: 59 PM 'Melba Lopez' via slsa-discussion <slsa-discussion@ googlegroups. com>

ZjQcmQRYFpfptBannerStart

This Message Is From an Untrusted Sender You have not previously corresponded with this sender.

ZjQcmQRYFpfptBannerEnd

[Arnaud Le Hors]

Hi Brian,

I don’t think we can really say that the Community Spec protocol was followed rigorously per se but I don’t think we are too far off.

 

First the fact is that the 1.0 document is still being worked on so the decision to accept it as final has not been made yet. It’s a good reminder that a formal decision should be made and recorded though.

 

We’ve also been using additional names for the development stages of the spec. We do use “draft” but instead of “approved” we have “final”,  so we ought to make it clear that this is meant to be the same from the protocol point of view.

 

Regards.

-- 

Arnaud  Le Hors - Senior Technical Staff Member - Open Technologies - IBM

 

 

From: slsa-di...@googlegroups.com <slsa-di...@googlegroups.com> on behalf of Brian Behlendorf <bbehl...@linuxfoundation.org>
Date: Wednesday, March 8, 2023 at 2:46 AM
To: Bruno Domingues <brun...@gmail.com>, Melba Lopez <Melba...@ibm.com>
Cc: Jennifer Bly <jb...@linuxfoundation.org>, Scott Westover <westov...@google.com>, OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>, Isaac Hepworth <isa...@google.com>, Michael Lieberman <mliebe...@gmail.com>, Joshua Lock <jl...@vmware.com>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>, kay...@chainguard.dev <kay...@chainguard.dev>, soro...@chainguard.dev <soro...@chainguard.dev>, Kimberly Samra <kimber...@google.com>, Jeffrey Borek <jbo...@us.ibm.com>
Subject: [EXTERNAL] Re: Comms for SLSA 1.0 — let's plan

Hi all! I'm excited to see this released - SLSA is a pillar of the OpenSSF community and will play a key part in the more integrated-architecture picture we hope to paint over the next year. I am not in a position to answer this question for

ZjQcmQRYFpfptBannerStart

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/853EBB06-8795-4DD2-970D-5DCD6616FD42%40linuxfoundation.org.

[Arnaud Le Hors]

Actually it’s not called “final” but “stable”:

https://slsa.dev/spec-stages

 

I’m going to submit a PR to indicate that this corresponds to the “Approved” state of the Community Spec protocol or we could just rename it if deemed necessary.

-- 

Arnaud  Le Hors - Senior Technical Staff Member - Open Technologies - IBM

 

 

From: slsa-di...@googlegroups.com <slsa-di...@googlegroups.com> on behalf of Arnaud Le Hors <leh...@us.ibm.com>

Date: Wednesday, March 8, 2023 at 2:09 PM
To: Brian Behlendorf <bbehl...@linuxfoundation.org>, Bruno Domingues <brun...@gmail.com>, Melba Lopez <Melba...@ibm.com>
Cc: Jennifer Bly <jb...@linuxfoundation.org>, Scott Westover <westov...@google.com>, OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>, Isaac Hepworth <isa...@google.com>, Michael Lieberman <mliebe...@gmail.com>, Joshua Lock <jl...@vmware.com>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>, kay...@chainguard.dev <kay...@chainguard.dev>, soro...@chainguard.dev <soro...@chainguard.dev>, Kimberly Samra <kimber...@google.com>, Jeffrey Borek <jbo...@us.ibm.com>

Subject: [EXTERNAL] RE: Comms for SLSA 1.0 — let's plan

Hi Brian, I don’t think we can really say that the Community Spec protocol was followed rigorously per se but I don’t think we are too far off. First the fact is that the 1. 0 document is still being worked on so the decision to accept it as

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/DM4PR15MB5378B0131BED0BA2B23F87D0F4B49%40DM4PR15MB5378.namprd15.prod.outlook.com.

[Brian Behlendorf]

Got it, thanks! I just want us to be clear that it's ready for tools vendors, process mavens, and people thinking about provenance and traceability in the context of new regulations, to dive in and consume and integrate with.

De we think a formal press release is worthwhile here? Something to elevate it above the average blog post, use it as a highlight for press pre-briefs, and tie it to other trends in the news? I'd support that.

Brian

-- 
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehl...@linuxfoundation.org
Twitter: @brianbehlendorf

[Aaron Bacchi]

I’m happy to contribute a couple sentence quote from the industry consumer perspective (Verizon) for the OpenSSF release- I could work w my comms team to get the sign off. Just reach out. 

Thanks

Aaron

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/49c62151-c9a3-cfb7-6440-2e2a01ca47c0%40linuxfoundation.org.

[Isaac Hepworth]

Thanks all, great to see the excitement here. I definitely share it!

Aaron, particular thanks for volunteering to provide a quote. I suspect we'll want to take you up on that.

I think we can perhaps split the work at hand into two at least to get started:

1. Crafting the comms around the 1.0 Stable release: developing a crisp message which lands well with the audiences about which we care. We have a great existing venue for this work in the form of the SCI Positioning working group. I'd propose that we have the group draft and circulate an initial set of talking points from which we can flesh out fuller comms.
2. Creating and driving a plan for distribution of the message. Here we currently have a gap, afaict, and it was this that I was hoping we might address. Work here would include determining the scope and nature of the comms (to your point, Brian), how PR could help (to yours, Jennifer), which collaborating companies will echo (hi Melba, Bruno, Michael, Scott, Kaylin, etc), what press outreach will look like, etc.

My working hypothesis is that we'll want OpenSSF squarely at the center of (2), and I understand from chatting with Jennifer that she's the right person to pick it up in the first instance. Perhaps I can frame where we're at in a one-pager and we can begin there?

Isaac

[Brian Behlendorf]

Jennifer Bly coordinates messaging across OpenSSF, and while we are extremely deferential to the project communities and local expertise for the specifics, we will want to ensure we're hitting a tone consistent with other OpenSSF comms and voice. So please include her in stream 1. On stream 2 we will need everyone's help of course, but Jennifer oversees the OpenSSF social, blog, and press release channels.

Brian

[Isaac Hepworth]

Makes sense, thanks Brian.

I drafted a one-pager to get us started, or at least on the same page; please take a look and holler if anything looks off, or surprising.

@Jennifer Bly, I made you an editor to take this forward (or discard, and create/share your own!). It's open to suggestions/comments from everyone else.

@Melba Lopez, might we add this to the agenda of the next SCI Positioning meeting?

Isaac

[Melba Lopez]

Yes we can add it as an agenda item 😊

 

I know there are some follow-up blogs we were planning/working on to release shortly after as well to help promote/explain the why’s/how to various audiences. 

 

Melba Lopez

STSM, Supply Chain Security

E-mail: Melba...@ibm.com

Phone: (512) 850-9511

 

My working hours may not be your working hours! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.

 

 

From: Isaac Hepworth <isa...@google.com>
Date: Wednesday, March 8, 2023 at 6:04 PM
To: Brian Behlendorf <bbehl...@linuxfoundation.org>
Cc: Aaron Bacchi <aaron....@gmail.com>, Jennifer Bly <jb...@linuxfoundation.org>, Arnaud Le Hors <leh...@us.ibm.com>, Bruno Domingues <brun...@gmail.com>, Jeffrey Borek <jbo...@us.ibm.com>, Joshua Lock <jl...@vmware.com>, Kimberly Samra <kimber...@google.com>, Melba Lopez <Melba...@ibm.com>, Michael Lieberman <mliebe...@gmail.com>, OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>, Scott Westover <westov...@google.com>, kay...@chainguard.dev <kay...@chainguard.dev>, slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>, soro...@chainguard.dev <soro...@chainguard.dev>
Subject: [EXTERNAL] Re: Comms for SLSA 1.0 — let's plan

Makes sense, thanks Brian. I drafted a one-pager to get us started, or at least on the same page; please take a look and holler if anything looks off, or surprising. @Jennifer Bly, I made you an editor to take this forward (or discard, and

ZjQcmQRYFpfptBannerStart

[Jennifer Bly]

Hi everyone,

Thank you for your enthusiasm! I am looking forward to making this a great announcement. 

I'd really like to get a better sense of the timeline here as the end of March is only 2.5 weeks away, and we will have quite a few moving pieces to make sure we're all in snyc and then to execute on our plan. Would it be possible to aim for the 1.0 release later on a set date in April to give ourselves more time? 

Thanks to Issac for getting the one-pager started, looks great so far. Let's work from that and continue to build from there. Thank you Melba for adding this as an agenda item on the next SCI call, I would like to lean on this group to develop the messaging themes.

Aaron, would love to take you up on providing a quote, and likewise from each of your organizations and others recommended - please leave your recommendations on who else might be able to provide a testimonial in the document or contact me directly.

Best,
Jennifer

[Kris Kooi]

As a point of clarification, the comment period ends on March 24, but we haven't committed to a release date for the final version. We'll probably want at least a week after comments close to address any last-minute feedback, but I wouldn't personally want to push the release date too far into April.

Best,

Kris

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAKyRQsVCtU%2B_gkyuj3ECgrtmJCBcHVmvYxPXspXK8hkqiiK3rg%40mail.gmail.com.

[Isaac Hepworth]

Thanks all! Particular thanks to Jennifer for taking this forward from here. I agree with Kris fwiw on release date. 

One quick note on the follow-up blog posts being planned: it'd be great imo if we had a very deliberate and careful eye on what information might be diverted instead to the core SLSA documentation. Particularly the "how"-type concerns might best belong there, and there's an existing issue capturing the target docs structure we can hang stuff off of.

Perhaps this is a conversation we can have in the Positioning working group next week too. I've added a couple of proposed items to the agenda corral.

Thanks again,

Isaac

[Emmy Eide]

Hi team, 

Sorry I am a bit late in responding. I was on PTO. Red Hat would like to participate in comms as well. Adding @Kathleen Goeschel and @Laura Seay (and myself) to help with that. 

Emmy Eide

She/Her

Director, Product Security, Software Supply Chain

Red Hat

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAMYDBzE8%2BwJw3zQFgJ96%3DUrv%3Dm_%3DTynzppUO57Fxf8U44Vg7Jg%40mail.gmail.com.

[Jennifer Bly]

Thanks Emmy! 

And I'd like to set up a call in the next week for anyone who is able to make it for us to kick off the comms planning for SLSA 1.0. I started a doodle poll here to find a good time: https://doodle.com/meeting/participate/id/enR28vle Would be great to have someone from your organizations to join to discuss and coordinate strategy, but for anyone who is unable to make this call, we'll be sure to take notes.

Best,

Jennifer

--

[Jennifer Bly]

Hi everyone, looks like the best time for many of us is Wednesday, March 15th at 4 PM ET, so I will send around an invite for everyone on this email thread. If I am missing anyone please feel free to forward the invite. And I look forward to discussing strategy tomorrow with those who can make it. For anyone who can't, we will provide notes.

Best,

Jennifer

[Kaylin Trychon]

Thanks, Jennifer! 

--

Kaylin Trychon Vice President of Global Marketing, Communications & External Affairs  Chainguard kay...@chainguard.dev  |  978.490.4036 | chainguard.dev

[Laura Seay]

Thank you! 

--

Laura Seay 
Manager, Product Security Supply Chain Operations 
Red Hat
Email: ls...@redhat.com  
Mobile: (407)267-5666

[Claudia Ring]

I'd love to jump on if you can add me to the invite as well!

Claudia Ring

VP of Marketing

cla...@activestate.com

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAChgSwTemz92xn8BxPd8T_GA55EnQna5Fxeht8vrAJ1bAnARiw%40mail.gmail.com.

[Jennifer Bly]

Hi Everyone,

Picking back up on this thread, now that we have a target date for the SLSA 1.0 release - that being April 19th - I have populated the SLSA 1.0 Comms Plan document with a timeline with some hard dates. I'd appreciate if you could take a look and suggest adjustments if you have any concerns or if something might be missing. 

Most pertinent for many of us here will be that we're looking for company quotes by EOD April 7th that can be inserted directly into the press release draft in progress. Any questions? Please let me know.

Best,

Jennifer

[Jennifer Bly]

Hi everyone,

I want say a big thank you to everyone who has contributed to the SLSA 1.0 Press Release. We are closing in on the final version, so if you want to give one last glance before we call it final tomorrow, please do so. Next week we will begin our media outreach, and our media list is attached. We have settled on releasing the PR on April 19th at 9:00 AM ET at which time the press embargo will lift. Your support in sharing about it with your own networks after that time will be most appreciated.

If you haven't yet shared your approved company quote for in the release or social media handles that you'd like tagged on the day of the announcement, please do.

Best,

Jennifer

Thank you! 

Kaylin Trychon Vice President of Global Marketing, Communications & External Affairs  Chainguard kay...@chainguard.dev  |  978.490.4036 | chainguard.dev

--

Laura Seay 
Manager, Product Security Supply Chain Operations 
Red Hat
Email: ls...@redhat.com  
Mobile: (407)267-5666

[Sharla Lane]

Hi all – Sharla from the Speakeasy Strategies PR team (supporting OpenSSF). To add to what Jennifer shared below, if we get requests for additional commentary, or to speak to someone quoted in the release, we will be sure to reach out and connect you. Tl;dr version:

 

We are:

• Finalizing release tomorrow. If you haven't yet shared your approved company quote for in the release or social media handles that you'd like tagged on the day of the announcement, please do.
• Pitching pre-brief interviews now (marked in the attached)
• Planning to include the release in KubeCon Europe media package (deadline April 10)
• Pitching day-of to full media list, including interview availability for OpenSSF and contributors
• Blog, social posts, media release to go live April 19 at 9am ET
• SLSA contributors welcome to do more media outreach outside of this core list
• We’d love for you to share on your social networks and blogs as well

 

Congrats on the 1.0 release!

 

Thanks,

Sharla

202-664-0499

[Isaac Hepworth]

Thanks all — this is looking great! Great work pulling this all together, Jennifer; with so much now in motion it's hard to believe that this thread started just a month ago.

Excited,

Isaac

[Jennifer Bly]

Hi everyone, 

The press release is finalized: OpenSSF Announces SLSA Version 1.0 Release with quotes from ActiveState, Chainguard, Google, IBM, Intel, Kusari, Microsoft, Red Hat, VMware, and GitHub! As a reminder, this is under embargo until April 19th at 9 AM ET so please do not share until after that time, but at which point, please plan to help us share this news widely. A big thanks to each of you for helping to make this happen. 

The main graphic we will use for the announcement is attached and additional graphics with individual company quotes for sharing on your social channels are in this folder. Recommended posts could go something along the lines of this, but please feel free to adapt for your own channels in your own style with your own commentary (the link below is not live yet, but will be at 9 AM ET on the 19th):

Twitter:

Supply chain attacks are an ever-present threat ⚠️ that's why we're excited about the @theOpenSSF SLSA version 1.0 release today 🎉 SLSA provides specifications for software supply chain security, established by community expert consensus #OSSecurity https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/

Mastodon: 

Supply chain attacks are an ever-present threat ⚠️ that's why we're excited about the @ope...@social.lfx.dev SLSA version 1.0 release today 🎉 SLSA provides specifications for software supply chain security, established by community expert consensus #OSSecurity https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/ 

Linkedin:

Supply chain attacks are an ever-present threat ⚠️ that's why we're excited about the OpenSSF SLSA version 1.0 release today 🎉 https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/ SLSA provides specifications for software supply chain security, established by community expert consensus. SLSA’s framework is organized into a series of levels that describe increasing security rigor, designed to give confidence that software hasn’t been tampered with and can be securely traced back to its source. The stable release of the SLSA 1.0 Build Track lowers the barrier of entry for improvements, helps you focus efforts on improving your build, and reduces the chances of tampering across a large swath of the supply chain. #OSS #OSSecurity #SLSA #SoftwareSupplyChain #SoftwareSupplyChainSecurity 

Best,
Jennifer

[Isaac Hepworth]

Fantastic — thank you Jennifer.

Excited!

Isaac

[Michael Lieberman]

This is awesome!

[Peter Wells]

Great news :) The team at Projects by IF will be amplifying the message!

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAPdZWJciwEu55mHBF3Q_h5gpQwz0PpHv81x%2BT-CFPmxJaKqROQ%40mail.gmail.com.

[Melba Lopez]

Woo hooo!! 

---

From: Peter Wells <peter...@gmail.com>
Sent: Thursday, April 13, 2023 11:38:34 AM
To: Michael Lieberman <mliebe...@gmail.com>
Cc: Isaac Hepworth <isa...@google.com>; Jennifer Bly <jb...@linuxfoundation.org>; Sharla Lane <sha...@speakeasystrategies.com>; Laura Seay <ls...@redhat.com>; Kaylin Trychon <kay...@chainguard.dev>; Aaron Bacchi <aaron....@gmail.com>; Arnaud Le Hors <leh...@us.ibm.com>; Brian Behlendorf <bbehl...@linuxfoundation.org>; Bruno Domingues <brun...@gmail.com>; Emmy Eide <ee...@redhat.com>; Jeffrey Borek <jbo...@us.ibm.com>; Joshua Lock <jl...@vmware.com>; Kathleen Goeschel <kgoe...@redhat.com>; Kimberly Samra <kimber...@google.com>; Kris Kooi <kk...@google.com>; Melba Lopez <Melba...@ibm.com>; OpenS...@speakeasystrategies.com <OpenS...@speakeasystrategies.com>; Scott Westover <westov...@google.com>; Suzanne Ambiel <amb...@vmware.com>; Tim Pepper <tpe...@vmware.com>; slsa-di...@googlegroups.com <slsa-di...@googlegroups.com>; soro...@chainguard.dev <soro...@chainguard.dev>; Jose Palafox <josep...@github.com>; Samantha Chau <samant...@github.com>; Christopher Blake <blak...@us.ibm.com>; Resham R Kulkarni <rrku...@us.ibm.com>; Jay White <jayw...@microsoft.com>; Laura Paine <laur...@github.com>

Subject: [EXTERNAL] Re: Comms for SLSA 1.0 — let's plan

 

Great news :) The team at Projects by IF will be amplifying the message! On Thu, Apr 13, 2023 at 4: 55 PM Michael Lieberman <mlieberman85@ gmail. com> wrote: This is awesome! On Thu, Apr 13, 2023 at 11: 55 AM Isaac Hepworth <isaach@ google. com>

ZjQcmQRYFpfptBannerStart

This Message Is From an Untrusted Sender

You have not previously corresponded with this sender.

 

ZjQcmQRYFpfptBannerEnd

[Claudia Ring]

This is fabulous, great work Jennifer, making this all happen!  Congratulations to everyone who put so much time and effort into making 1.0 a reality, we can't wait to chime and support the community from the ActiveState side!

Claudia Ring

VP of Marketing

cla...@activestate.com

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/MW4PR15MB455528E2AB63580E7F5371F6F6989%40MW4PR15MB4555.namprd15.prod.outlook.com.

[Sharla Lane]

Hi all,

 

Just a friendly reminder that the release is queued up to go live tomorrow at 9am ET. More details below:

 

• If you haven't yet shared the social media handles that you'd like tagged on the day of the announcement, please do.
• The release is included in the KubeCon Europe media package
• Pre-brief interviews completed with:
• TechTarget, Beth Pariseau
• SDx Central, Sean Michael Kerner
• Has news under embargo:
• CSO, Michael Hill
• Dark Reading, Fahmida Rashid
• The New Stack, Steven Vaughan Nichols
• The Register, Jessica Hardcastle
• VentureBeat, Tim Keary
• Pitching day-of to full media list (attached), including interview availability for OpenSSF and contributors

• Blog, social posts, media release to go live April 19 at 9am ET

• We’d love for you to share on your social networks and blogs as well

 

Thanks again for your participation,

Sharla

[Jennifer Bly]

Hi everyone,

The press release is live!

On the OpenSSF site: https://openssf.org/press-release/2023/04/19/openssf-announces-slsa-version-1-0-release/ 

On PRNewswire: https://www.prnewswire.com/news-releases/openssf-announces-slsa-version-1-0-release-301800584.html 

Our initial social media posts that'd we'd appreciate the help boosting:

Twitter: https://twitter.com/theopenssf/status/1648673347222360066 

Mastodon: https://social.lfx.dev/@openssf/110225615249793087

LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7054439587913289728 

Plus we will be sharing company quotes on Twitter throughout the day.

Best,

Jennifer

[Isaac Hepworth]

Fantastic — thank you Jennifer and huge congratulations to the team 🙌

[Kaylin Trychon]

Thank you soo much, Jennifer! So great to see the buzz around this announcement here at Kubecon EU!

[Yorkim Parmentier]

Congratulations to all involved in pushing this project over the finish line! It's great to see the positive reception that it's receiving.

To view this discussion on the web visit https://groups.google.com/d/msgid/slsa-discussion/CAM8dGvT%3DkH2VDZu%3DPJCvFCoq%3DT9k4TuNwxn07MMjUKMYfk1vQw%40mail.gmail.com.

--

Regards

Yorkim Parmentier |

Senior TPM, PSS PMO |  Feedback |

yor...@google.com |

+1 650 750 5385

[Scott Westover]

Congrats, everyone! And thanks so much for leading the charge, Jennifer! 

[Jennifer Bly]

Thanks everyone, this was all made possible by an amazing community effort!

To share a quick update on SLSA 1.0 announcement reception so far:

Earned Media Coverage (as of April 20th at 12 PM ET)

 

CSO Online - OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

The New Stack - OpenSSF Boosts Software Supply Chain Security with SLSA 1.0

SDX Central - OpenSSF gives supply chain security a boost with SLSA 1.0

Heise - Software Supply Chain: GitLab bringt Sicherheit, Effizienz und KI in Einklang

Linux Magazin - KubeCon & CloudNativeCon Europe: OpenSSF veröffentlicht SLSA 1.0

Le Entrepreneur - OpenSSF renforce la sécurité de la chaîne d’approvisionnement avec SLSA 1.0

Techzine Europe - OpenSSF strengthens supply chain security with SLSA 1.0

SD Times - Version 1.0 of SLSA provides specifications for software supply chain security

DevClass - Open source devs finally get a taste of full strength SLSA

AP News – Press release pickup (1 of 383 exact match pickups) 

Owned Content

 

OpenSSF press release - OpenSSF Announces SLSA Version 1.0 Release - 507 views

PRNewswire – Press release to the wire - 847 views, 93 click-throughs

Social Media

56,844 impressions of @theopenssf SLSA 1.0 tweets

1,767 impressions of @OpenSSF SLSA 1.0 Linkedin post

Plus I know there are quite a few more from all of your accounts beyond. If there are any other content pieces I missed or other stats anyone would like to add, please do!

 

Best,
Jennifer

--

Jennifer Bly

Sr. Marketing & Communications Manager

OpenSSF  | The Linux Foundation

https://openssf.org/

On Wed, Apr 19, 2023 at 11:13 AM Emmy Eide <ee...@redhat.com> wrote:

Agreed! A lot of work went into this version. More than most people will ever know. Well done, and thank you to all involved. 

Emmy Eide

She/Her

Director, Product Security, Software Supply Chain

Red Hat