Comments (8)
david-a-wheeler
commented on August 15, 2024
1
This may be useful: What Is a Vision Statement?.
from tac.
david-a-wheeler
commented on August 15, 2024
Per the TAC meeting, it may be useful to look at the charter (adding more technical meat but still aspirational): https://github.com/ossf/foundation/blob/main/Review%20Copy%20Only%20-%20Not%20for%20Execution_OpenSSF%20Participation%20Agreement%20and%20Charter%20(rev.%202020%2011-10-2020).pdf
from tac.
david-a-wheeler
commented on August 15, 2024
Per the 2020-12-01 TAC meeting, the plan is to put proposed text in this issue & discuss it here in this issue. Final version will go into a document file on GitHub (e.g., TAC README.md or its own vision.md file); the final version will not be a Google docs document.
from tac.
kaywilliams
commented on August 15, 2024
I created rough draft vision as a starting point for discussion. I am copy pasting below, but I also created a google doc here, in case people want to put comments in the doc or experiment with revisions. (Sorry, I know we discussed keeping all iteration in the GitHub issue, but it felt unnatural to me.)
OpenSSF Technical Vision
We envision a future where participants in the Open Source Software ecosystem focus on delivering high quality products and services, with security handled naturally and automatically in the background. Aspects of this vision include the following:
- Security administrators (from project maintainers to government regulators) can specify security policy in a manner that can be easily automated.
- Developer tool providers can consume security policy and automate conformance across the developer workflow (from code commits to distribution).
- Developers can be informed when manual action is needed to remediate projects that have fallen out of conformance.
- Auditors can observe all actions (automated and manual) taken within the full supply chain of a software product.
- Consumers and researchers can identify security issues and have this information flow backwards through the supply chain to someone who can address the issue.
- Developers can provide notifications about product defects, mitigations, quality and supportability and have this information flow forward across the ecosystem system to all consumers.
<need a closing sentence?>
from tac.
JonZeolla
commented on August 15, 2024
Left some redlines in the doc
from tac.
kaywilliams
commented on August 15, 2024
Accepted, thanks @JonZeolla
from tac.
kaywilliams
commented on August 15, 2024
In the TAC meeting on Dec 15, we discussed the following next steps:
- Electronic Vote - due by January 8
- Kay to discuss with Ryan to kick off vote after 1st of the year
from tac.
kaywilliams
commented on August 15, 2024
Resolved with this merge.
from tac.
Related Issues (20)
- New issue template development for TI updates HOT 3
- [Technical Initiative Funding Request] - S2C2F PAS Submission Funding Request HOT 11
- Make getting/staying involved in TIs easier HOT 4
- WG lifecycle update HOT 4
- TAC Vote Needed - Enable GitHub Secret Scanning and Push Protection HOT 22
- Publish TI funding requests cycles. HOT 1
- Programmatic Help with Standardization HOT 1
- [Technical Initiative Funding Request]: Sigstore Documentation Modernization HOT 10
- Project Onboarding Action Items HOT 5
- Threat Model for an Open Source Project - Yes/No? HOT 12
- [Technical Initiative Funding Request]: Cybersecurity Workforce Development (Education Focus) HOT 18
- Add benefits/impact questions to TI funding request template
- Proposal: Expanding Security Benchmarks for Critical OSS in OpenSSF HOT 2
- Proposal: Funding Critical Projects POC with commercial vendors HOT 9
- Advice Needed - Staff-Produced Architecture Document Review Process HOT 5
- Should Scorecard Adoption in project-lifecycle.md besides TI Gives? HOT 2
- [IP policy and license review] Bomctl Sandbox Project Entry
- Provide Logos to Sandbox Projects HOT 5
- Resolve FRSCA HOT 6
- Resolve Status of Projects Lagging in Onboarding HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tac.