The OpenSSF Technical Advisory Council is responsible for oversight of the various Technical Initiatives of the OpenSSF.
Official communications occur on the TAC mailing list. Manage your subscriptions to Open SSF mailing lists.
Informal discussions occur in the TAC channel of the OpenSSF Slack. To join, use the following invite link.
Use Github Issues to request and discuss agenda items.
The TAC meetings minutes are online and appear on the OpenSSF Community Calendar.
Meetings are also recorded and posted to the OpenSSF YouTube channel.
| Name | Organization | Term | |
|---|---|---|---|
| Abhishek Arya | [email protected] | April 2022 - March 2023 | |
| Aeva Black | [email protected] | Microsoft | April 2022 - March 2023* |
| Bob Callaway | [email protected] | April 2022 - March 2023 | |
| CRob Robinson | [email protected] | Intel | April 2022 - March 2023* |
| Dan Lorenc | [email protected] | Chainguard | April 2022 - March 2023 |
| Josh Bressers | [email protected] | Anchore | April 2022 - March 2023* |
| Luke Hinds | [email protected] | Red Hat | April 2022 - March 2023 |
NOTE: * marked entries denote OpenSSF Governing Board appointed members, others are community elected.
The TAC is chartered as part of the Open Source Security Foundation Charter.
The following Technical Initatives have been approved by the TAC:
| Name | Repository | Notes | Status |
|---|---|---|---|
| Vulnerability Disclosures | https://github.com/ossf/wg-vulnerability-disclosures | Meeting Notes | Incubating |
| Security Tooling | https://github.com/ossf/wg-security-tooling | Meeting Notes | Incubating |
| Security Best Practices | https://github.com/ossf/wg-best-practices-os-developers | Meeting Notes | Incubating |
| Identifying Security Threats | https://github.com/ossf/wg-identifying-security-threats | Meeting Notes | Incubating |
| Securing Critical Projects | https://github.com/ossf/wg-securing-critical-projects | Meeting Notes | Incubating |
| Supply Chain Integrity | https://github.com/ossf/wg-supply-chain-integrity | Meeting Notes | Incubating |
| Securing Software Repositories | https://github.com/ossf/wg-securing-software-repos | Meeting Notes | Incubating |
| End Users | https://github.com/ossf/wg-endusers | Meeting Notes | Incubating |
| Name | Repository | Notes | Sponsoring Org | Status |
|---|---|---|---|---|
| Allstar | https://github.com/ossf/allstar | Meeting Notes | Securing Critical Projects WG | TBD |
| Best Practices Badge | https://github.com/coreinfrastructure/best-practices-badge | Mailing list | Best Practices WG | TBD |
| Criticality Score | https://github.com/ossf/criticality_score | Meeting Notes | Securing Critical Projects WG | TBD |
| Fuzz Introspector | https://github.com/ossf/fuzz-introspector | Meeting Notes | Security Tooling WG | TBD |
| OSV Schema | https://github.com/ossf/osv-schema | Meeting Notes | Vulnerability Disclosures WG | TBD |
| Package Analysis | https://github.com/ossf/package-analysis | Meeting Notes | Securing Critical Projects WG | TBD |
| Package Feeds | https://github.com/ossf/package-feeds | Meeting Notes | Securing Critical Projects WG | TBD |
| Repository Service for TUF | https://github.com/vmware/repository-service-tuf | TBD | Securing Software Repositories WG | Sandbox |
| Scorecard | https://github.com/ossf/scorecard | Meeting Notes | Best Practices WG | TBD |
| Security Insights Spec | https://github.com/ossf/security-insights-spec | Meeting Notes | Identifying Security Threats WG | TBD |
| Security Metrics | https://github.com/ossf/Project-Security-Metrics | Meeting Notes | Identifying Security Threats WG | TBD |
| Sigstore | https://github.com/sigstore | Meeting Notes | OpenSSF TAC | TBD |
| Name | Repository | Notes | Status |
|---|---|---|---|
| GNU Toolchain Infrastructure | Coming Soon | TBD | TBD |
| Alpha Omega | https://github.com/ossf/alpha-omega | TBD | TBD |
Charters for these Technical Intiatives are located in the Charters directory of this repository.
Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.
Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent