[Action Requested] Call for 2022 WG Priority Ideas


David A. Wheeler

Oct 20, 2021, 7:51:27 PM
to wg-securing-critical-projects, Brian Behlendorf, Jory Burson

All:

We want to help ensure that everyone’s ideas are tapped into when creating the first draft of the OpenSSF budget for 2022.
 
Please reply on this mailing list, by next Tuesday October 26, what you think this working group (or the OpenSSF more broadly) should do in 2022. Please focus on what you think should be the top priorities & why (since there are limited resources). Brian, Jory, & I will try to collate the ideas so the governing board & TAC can discuss them further.
 
If you want some ideas, you can look at the OpenSSF Wishlist:
https://docs.google.com/document/d/1yLo713am8_hvU90Lw0YdYBvXhfTjh7Shn4ATXPNX9ic/edit

--- David A. Wheeler (& Brian Behlendorf & Jory Burson)

David A. Wheeler

Oct 20, 2021, 7:53:59 PM
to wg-securing-critical-projects, Brian Behlendorf, Jory Burson

Derek Zimmer

Oct 28, 2021, 10:18:22 PM
to David A. Wheeler, wg-securing-critical-projects, Brian Behlendorf, Jory Burson
I think, out of where our priorities overlap (OSTIF and OpenSSF), we should:

(as a workgroup) Continue refining and improving our criteria to help identify and, most importantly, prioritize critical projects. One of the key problems we face with these ideas is that we can build many lists and justify why certain projects are members of that list, but with very limited resources we have to admit to ourselves that we only have the budget to work on 20-50 projects in a significant capacity. We have to identify who needs the most help among the projects that are the most critical to the ecosystem in order to maximize our impact.

(as OpenSSF) Direct Alpha-Omega on prioritization of projects for review. In my opinion repos, compilers, and interpreters should have supply chain security reviewed as a priority, and should be the first in line for things like free YubiKeys and free security consulting.

(as OSTIF) Continue to secure funding to review projects that are identified as high priority by this working group.

Derek Zimmer
Executive Director
Open Source Technology Improvement Fund