Security-WG-Charter.md

File metadata and controls

49 lines (31 loc) · 1.84 KB

OPEA Security Working Group Charter

Mission

The OPEA Security Working Group aims to establish a "Security First" mindset in the community in order to prevent and respond to security issues.

Problem Statement

It is often the case that security is only prioritized after a problem has occurred, which is the hardest and most expensive time to address it. Moreover, without a structured response process in place, security issues are even more difficult to remediate.

Scope and Priority

The Security Working Group will adopt best practices from established security organizations and educate the community so that those practices are widely adopted: security is everyone's responsibility. Working Group members will also act as subject matter experts to help review pull requests for secure design and implementation.

Goals and Objectives

EOY 2024 Goals

  • Coach maintainers through the OpenSSF Best Practices Badge process [1].
  • Set up OpenSSF Scorecard for our repositories and make sure the scores are understood [2].
  • Add security deployment mechanisms such as Confidential Computing [3].
  • Add a secure vulnerability reporting process [4].

[1] https://www.bestpractices.dev/en

[2] https://github.com/ossf/scorecard

[3] https://confidentialcomputing.io/

[4] https://github.com/ossf/oss-vulnerability-guide/blob/main/maintainer-guide.md

Decision-making Governance

Most initiatives are intended to be realized through existing community mechanisms, such as pull requests to the main repositories. In the rare cases where the working group needs to make a decision outside of existing processes, we will prefer consensus decision making and escalate to the TSC as needed.

Join