This Education SIG is a group within the OpenSSF's Best Practices Working Group, formed to advance and deliver upon the OpenSSF's Mobilization Plan - Stream 1. This SIG is dedicated to providing industry-standard secure software development training materials that will educate learners of all levels and backgrounds on how to create, compose, deploy, and maintain software securely using best practices in cyber and application security.
Historically, traditional software engineering coursework has paid little attention to highlighting and teaching the importance of good cyber security hygiene and secure development techniques. Complicating the lack of trained developers is the ever-growing shortage of trained cyber security professionals who can assist developers as they create, test, and release their code.
- Provide access to open and widely available education materials to all learners
- Materials will be maximally accessible and easy to consume for all learners
Deliver Baseline Secure Software Development Education and Certification to All by:
- Collecting & Curating Content
- Expanding Training
- Rewarding & Incentivizing Developers
- Currently the SIG is focused on finalizing the EDU.SIG Plan rewrite. Comments, feedback and PRs welcome!
- We've recently started to assemble a DEI subcommittee to focus on moving forward our desire to provide education and training to learners of all levels and backgrounds, especially for historically underserved and underrepresented communities within the open source ecosystem. You can participate and learn more on our EDU.SIG DEI Slack Channel
- We have an open call for cybersecurity and open source development content. Please contact us through our lists, Slack, or GitHub repo if you are interested in contributing and collaborating with us!
[What is in and out of scope]
- Training and education around secure software development, management, deployment, distribution and data access controls
- Incentivize learning and hiring of certified practitioners
- Provide platform(s) for showcasing certifications for learners
- Collaboration with educators
- Improve existing security education and OSS project security with our educational material
- Reporting of unknown security vulnerabilities in open source projects or taking action to remediate vulnerabilities.
- Helping projects or individual enterprises with remediating their own security exposures from another open-source project’s security vulnerabilities
- Providing personal guidance or feedback to individuals or groups using the educational materials
- Assisting with technical issues related to the educational materials
Details of what the SIG will be delivering can be found in the revised plan
The SIG is currently caretaking two initiatives:
- The OpenSSF's Education Plan
- The Glossary that contains terms and definitions and how they are used across the OpenSSF
- Official communications occur on the [email protected].
Manage your subscriptions to Open SSF mailing lists.
- Mobilization Stream 1 Slack
- Developer Best Practices WG Slack
- Education SIG Diversity & Inclusion Sub-committee Slack
- Education SIG Diversity & Inclusion Sub-committee Mailing List
- Areas that need contributions
- Review of the Proposed Education Plan
- Review of terms/definitions in the Glossary
- Where to file issues - https://github.com/ossf/education/issues
- The Full SIG meets every other Wednesday @ 09:00am EST. The invite is available on the OpenSSF Community Calendar.
- The Diversity, Equality, and Inclusion (DEI) subcommittee meets every other Tuesday @ 11am EST. The invite is available on the OpenSSF Community Calendar.
The CHARTER.md outlines the scope and governance of our group activities.
- Lead name: CRob
- Co-Lead name: Dave Russo
- Christopher "CRob" Robinson, Intel
- Dave Russo, Red Hat
- David A Wheeler, LF/OSSF
- Emily Fox, Apple, CNCF TOC
- Glenn ten Cate, SKF
- Judy Kelly, Red Hat
- Sal Kimmich, Sonatype
- VM (Vicky) Brasseur, Wipro
- Avishay Balter, Microsoft
- Brian Fox, Sonatype, OSSF GB
- Christine Abernathy, F5
- Dan Appelquist, Snyk
- Eric Tice, Wipro
- Georg Kunz, Ericsson
- Marta Rybczynska, OSTC
- Matt Rutkowski, IBM
- Randall T. Vasquez, Gentoo/Homebrew
- Riccardo ten Cate, SKF
- Sebastian Crane, SPDX
- Co-Lead Christine Abernathy, F5
- Co-Lead Jay White, Microsoft