Skip to content

Latest commit

 

History

History
84 lines (57 loc) · 7.01 KB

goals.md

File metadata and controls

84 lines (57 loc) · 7.01 KB

End User Working Group

Mission and Goals

The End Users Working Group (WG) represents the interests of public and private sector organizations that primarily consume open source rather than produce it.

The mission of the End User Working Group is to ensure that the distinct and impactful voice of end users is heard in the development and delivery of the technical vision of OpenSSF.

Our goals:

  • Ensure that the use cases for end user consumption of open- source software are understood and factored into OSSF programs.
  • Provide the resources required by End Users to develop and implement more efficient and effective strategies, processes, tools, best practices and solutions that secure software supply-chains
  • Provide a forum for learning from the experience and insights of peers
  • Create an End Users working group, with representation from key private industry, public sectors, and multiple geographical regions.
  • Establish user representation and active participation in OpenSSF working groups and leadership, both in the TAC and the Governing Board

Draft Definition

The End Users Working Group represents the interests of public and private sector organizations that primarily consume open- source rather than produce it.

Draft Mission

TAC blog post

The mission of the End User Working Group is to:

  • Ensure that the distinct and impactful voice of end users from all industries, sectors and geographies are heard in the development and delivery of the technical vision of OpenSSF.
  • Provide an open-forum for end-users to collaboratively (1) Describe the challenges of identifying and deploying open- source software in a secure way, (2) create guidance to address those challenges , and (3) share and contribute to end user solutions and developing best practices to address those challenges.
  • Promote open-source security and OpenSSF offerings to industry and government peers who are facing similar challenges.

Draft Initial Deliverables

  • Ensure that the use cases for end users consumption of open- source software is understood and factored into OSSF programmes.
    • Refine Personas document
    • Develop a high level architecture and threat model of an end user within the supply chain
    • Identify controls/checks of interest to consumers when ingesting OSS / vendor software (OSSF Scorecard)
  • Bring more end users and their perspectives into the End Users working group, ensuring representation from as many industries, sectors and geographical regions as possible
    • Contact list showing multiple Linux Foundation groups contacted, individual companies also contacted
  • Establish End User representation and active participation in OpenSSF leadership, both TAC and the Governing Board
    • Create matrix to show representation within working groups
      • Identify sub-team / focus areas
        • Recruitment
        • Marketing
        • Promote best practices and outreach
  • Development of guides, whitepapers and materials focused on strategies and solutions for better security in software supply chains and open source software, and targeted towards end users.
    • Phase 1: Identify which guides / material is missing from existing material

Intro Email

Draft - OpenSSF End User Working Group Intro Document

The Open Source Security Foundation (OpenSSF: openssf.org), a cross-industry organization hosted at the Linux Foundation, is working with technology companies, enterprises and government bodies globally, to address the security of open- source software. The End Users Working Group (WG) represents the interests of public and private sector organizations in the OpenSSF that primarily consume open source rather than produce it.

The mission of the End User Working Group (EUWG) is to ensure that the distinct and impactful voice of end users is heard in the development and delivery of the technical vision of OpenSSF.

Our goals:

  • Ensure that the use cases for end user consumption of open source software are understood and factored into OpenSSF programs.
  • Provide the resources required by End Users to develop and implement more efficient and effective strategies, processes, tools, best practices and solutions that secure software supply-chains
  • Provide a forum for learning from the experience and insights of peers
  • Create and maintain an End Users working group, with representation from key private industry, public sectors, and multiple geographical regions.

Introduction: End User WG Intro

Introduction to OpenSSF

Open Source Security Foundation (OpenSSF) brings together the world’s most important open source security initiatives, and the companies and individuals that support them, to identify and fix security vulnerabilities in open- source software and develop improved tooling, training, research, best practices, and vulnerability disclosure practices.

What are the open- source software supply chain security challenges?

Open-source software has become the foundation on which our digital economy is built. Recent vulnerabilities, such as the one impacting Log4j, have caused governments and businesses to prioritize software supply chain security and realize the need to be fully abreast of the open source ecosystem, as well as contributing to it. For more information please see: OpenSSF: State of open-source security 2022, from Snyk and the Linux Foundation.

End User WG Mission

The mission of the End User Working Group is to:

  • Ensure that the distinct and impactful voice of end users from all industries, sectors and geographies are heard in the development and delivery of the technical vision of OpenSSF.
  • Provide an open-forum for end-users to collaboratively (1) Describe the challenges of identifying and deploying software that includes open-sourceopen source software in a secure way, (2) create guidance to address those challenges , and (3) share and contribute to end user solutions and developing best practices to address those challenges.
  • Promote open-source security and OpenSSF offerings to industry and government peers who are facing similar challenges.

This is a new working group within OpenSSF and to ensure the voice of the end user is strongly represented, we are looking for enterprise end users from across industries and geographies to join and actively contribute. You do not need to be a Linux Foundation or OpenSSF member to join the working group.