New Associate Member Application: Trifecta Tech Foundation

[hythloda]

What is your name? Erik Jonkers

What is your email? erik@trifectatech.org

What is your member company? Trifecta Tech Foundation

Identify which category their organization falls under: Non-profit

Link to your website: https://trifectatech.org/

What is your organizational mission statement: Open infrastructure software in the public interest

What drives your interest in joining the OpenSSF? We share OpenSSF's mission to secure open source software, in general and specifically for infrastructure software, and on the technical side, on memory safety

What are your organization’s aspirations for contributing to the OpenSSF, and how do you anticipate that your membership will bolster the OpenSSF's growth and support? We'd like to be a factor in increasing open source security, specifically memory safety, by contributing to best practises and tooling, but also by creating projects that are successful examples of real-world improvements that can be used to increase visibility of OpenSSF's mission.

Could you summarize your organization’s contributions to OpenSSF? We have not yet contributed to OpenSSF directly. We intend to contribute to the memory safety SIG. We are also a regular contributor to the Rust ecosystem which indirectly contributes to OpenSSF goals and projects. We have contributed (ie are the maintainers of) projects part of the Open Source Software Security Mobilization Plan, memory safety stream. (not sure this question is about past/current of future contributions)

Please include any contributions made to OpenSSF or other OpenSSF projects and open-source projects developed using any OpenSSF dependencies. We are the maintainer of three projects originating from Prossimo. One of those, the NTP project is part of OpenSSF's Open Source Software Security Mobilization Plan, https://openssf.org/oss-security-mobilization-plan/ It seems likely that we have contributed to "open-source projects developed using any OpenSSF dependencies", but I'm not sure how to get that data.

How many developers do you expect to have contribute to OpenSSF projects in the next 6-12 months? Are there other roles such as researchers, analysts or any other positions that you plan on contributing? N/A (we host projects in our foundation and our maintainers contribute to those projects)

How do you currently leverage any OpenSSF resources in your organization? We use the OpenSSF scorecard. See https://github.com/pendulum-project/ntpd-rs. We make use of resources about criticality of open source software, to argue for relevance of (security improvements) of those components and (if that works) raise funds for our work.

Do you have signing authority for your entire institution? If no, who does? Yes, but need to co-sign with one other board member

Do you agree to follow the OpenSSF Code of Conduct Yes

1. Organizational Information/Alignment:

Organizational Mission Alignment:

• Does the organization's mission statement align with the goals of OpenSSF, such as promoting open source security, enhancing software supply chain integrity, or contributing to cybersecurity education?
  • [ ] Yes
  • [ ] No

Non-Profit, Government, or Academic Status:

• Is the organization a recognized non-profit, government agency, or academic institution?
  • [ ] Yes
  • [ ] No

Brand Alignment and Reputation:

• Is the organization in good standing within its community and the broader open source ecosystem, with a reputation that aligns with OpenSSF's values and brand?
  • [ ] Yes
  • [ ] No

2. Commitment to Open Source Security and Contribution:

Commitment to Contribution:

• Has the organization demonstrated a clear interest in actively contributing to the OpenSSF community through development, research, or other relevant activities?
  • [ ] Yes
  • [ ] No
• Can the organization commit to contributing a specified minimum number of developers, researchers, analysts, or other professionals to OpenSSF projects within the next 6-12 months?
  • [ ] Yes
  • [ ] No

Commitment to Open Source Security:

• Has the organization previously contributed to OpenSSF or other open-source projects?
  • [ ] Yes
  • [ ] No
  • [ ] If not, do they plan on contributing to the OpenSSF?
• Does the organization maintain or contribute to open-source projects that use OpenSSF dependencies or tools?
  • [ ] Yes
  • [ ] No

Commitment to Open Source Security:

• Does the organization have a history or a nascent plan to promote, improve, or contribute to open source security beyond its participation in OpenSSF?
  • [ ] Yes
  • [ ] No

Utilization of OpenSSF Resources:

• Does the organization currently leverage OpenSSF resources, tools, or frameworks within its operations or projects?
  • [ ] Yes
  • [ ] No

Educational and Community Engagement:

• Does the organization engage in educational activities, community outreach, or other efforts to spread awareness about open source security?
  • [ ] Yes
  • [ ] No

3. Compliance and Ethics:

Open Source Licensing and Compliance:

• Does the organization adhere to open source licensing standards and demonstrate compliance with open source security best practices?
  • [ ] Yes
  • [ ] No

No Conflict of Interest:

• Can the organization certify that its membership and contributions to OpenSSF will not pose a conflict of interest with the foundation's objectives and policies?
  • [ ] Yes
  • [ ] No

[Naomi-Wash]

The OpenSSF Governance Committee approved this foundation to become an OpenSSF associate member on 03 Oct. 2024.