ossf / Governance-Committee

Governance Committee
Apache License 2.0

New Associate Member Application: Trifecta Tech Foundation #36

Closed hythloda closed 4 weeks ago

hythloda commented 1 month ago

What is your name? Erik Jonkers

What is your email? erik@trifectatech.org

What is your member company? Trifecta Tech Foundation

Identify which category their organization falls under: Non-profit

Link to your website: https://trifectatech.org/

What is your organizational mission statement: Open infrastructure software in the public interest

What drives your interest in joining the OpenSSF? We share OpenSSF's mission to secure open source software, in general and specifically for infrastructure software, and on the technical side, on memory safety.

What are your organization’s aspirations for contributing to the OpenSSF, and how do you anticipate that your membership will bolster the OpenSSF's growth and support? We'd like to be a factor in increasing open source security, specifically memory safety, by contributing to best practices and tooling, but also by creating projects that are successful examples of real-world improvements that can be used to increase visibility of OpenSSF's mission.

Could you summarize your organization’s contributions to OpenSSF? We have not yet contributed to OpenSSF directly. We intend to contribute to the memory safety SIG. We are also a regular contributor to the Rust ecosystem, which indirectly contributes to OpenSSF goals and projects. We have contributed (i.e. are the maintainers of) projects that are part of the Open Source Software Security Mobilization Plan, memory safety stream. (Not sure this question is about past/current or future contributions.)

Please include any contributions made to OpenSSF or other OpenSSF projects and open-source projects developed using any OpenSSF dependencies. We are the maintainer of three projects originating from Prossimo. One of those, the NTP project, is part of OpenSSF's Open Source Software Security Mobilization Plan, https://openssf.org/oss-security-mobilization-plan/. It seems likely that we have contributed to "open-source projects developed using any OpenSSF dependencies", but I'm not sure how to get that data.

How many developers do you expect to have contribute to OpenSSF projects in the next 6-12 months? Are there other roles such as researchers, analysts or any other positions that you plan on contributing? N/A (we host projects in our foundation and our maintainers contribute to those projects)

How do you currently leverage any OpenSSF resources in your organization? We use the OpenSSF scorecard. See https://github.com/pendulum-project/ntpd-rs. We make use of resources about criticality of open source software, to argue for relevance of (security improvements) of those components and (if that works) raise funds for our work.

Do you have signing authority for your entire institution? If no, who does? Yes, but need to co-sign with one other board member

Do you agree to follow the OpenSSF Code of Conduct? Yes

1. Organizational Information/Alignment:

Organizational Mission Alignment:

Non-Profit, Government, or Academic Status:

Brand Alignment and Reputation:

2. Commitment to Open Source Security and Contribution:

Commitment to Contribution:

Commitment to Open Source Security:

Utilization of OpenSSF Resources:

Educational and Community Engagement:

3. Compliance and Ethics:

Open Source Licensing and Compliance:

No Conflict of Interest:

Naomi-Wash commented 4 weeks ago

The OpenSSF Governance Committee approved this foundation to become an OpenSSF associate member on 03 Oct. 2024.