opea-project/Security-Working-Group

OPEA Security Working Group Charter

Mission

The OPEA Security Working Group aims to establish a "Security First" mindset in the community in order to prevent and respond to security issues.

Problem Statement

Security is often prioritized only after a problem occurs, at which point it is the hardest and most expensive time to address. Moreover, without a structured response process in place, security issues are even more difficult to remediate.

Scope and Priority

The Security Working Group will adopt best practices from established security organizations and educate the community to ensure widespread adoption, i.e., security is everyone's responsibility. Working Group members will also act as subject matter experts to help review pull requests for secure design and implementation.

Goals and Objectives

EOY 2024 Goals

  • Coach maintainers through the OpenSSF Security Best Practices Badge process [1].
  • Get our OpenSSF scorecard up and the scores understood [2].
  • Add security deployment mechanisms like Confidential Computing [3].
  • Add a secure (vulnerability) reporting process [4].

[1] https://www.bestpractices.dev/en

[2] https://github.com/ossf/scorecard

[3] https://confidentialcomputing.io/

[4] https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md

Decision-making Governance

Most initiatives are intended to be realized through existing community mechanisms like pull requests to the main repositories. In rare cases where the working group may need to make decisions outside of existing processes, we will prefer consensus decision making and escalate to the TSC as needed.

Join
