Open david-a-wheeler opened 1 year ago
@SecurityCRob - plausible?
heck yeah. Let's make sure the high-level is captured in the plan, and we can add this to the list of stuff to create/find.
Related to Goal 1.3 [1] & 1.4 [2]. As we build out specifics of desired content and learning paths we'll want to ensure this perspective is accounted for.
[1] -https://github.com/ossf/education/blob/main/plan/1.0%20Collect%20and%20Curate%20Content.md#13-goal-determine-venues-and-personas-that-content-will-be-created-fordelivered-to [2] - https://github.com/ossf/education/blob/main/plan/1.0%20Collect%20and%20Curate%20Content.md#14-goal-define-training-areas-of-focus
@SecurityCRob @david-a-wheeler good stuff. Haven't opened a separate issue yet, but the FINOS Open Source Readiness (OSR) SIG is working with TODO Group and others to develop a Body of Knowledge for readiness and maturity. We've love to incorporate OpenSSF education into our BoK, oriented towards the roles and personas we are mapping out, both in the OSPO and organization. Please let me know how best to collaborate.
Sounds good. There are multiple ways to collaborate:
As the OSSF TAC and GB review, edit, and ideally approve the plan, we’ll start to form back up again in small focus groups. As that happens perhaps we could have a joint call to talk about your personas and what you’d like to see out of the group deliverables.
Cheers,
CRob Director of Security Communications Intel Product Assurance and Security
From: Jim St.Clair @.> Sent: Tuesday, February 7, 2023 10:11 AM To: ossf/education @.> Cc: Robinson, Christopher @.>; Mention @.> Subject: Re: [ossf/education] Software Manager education (Issue #48)
@SecurityCRobhttps://github.com/SecurityCRob @david-a-wheelerhttps://github.com/david-a-wheeler good stuff. Haven't opened a separate issue yet, but the FINOS Open Source Readiness (OSR) SIG is working with TODO Group and others to develop a Body of Knowledge for readiness and maturity. We've love to incorporate OpenSSF education into our BoK, oriented towards the roles and personas we are mapping out, both in the OSPO and organization. Please let me know how best to collaborate.
— Reply to this email directly, view it on GitHubhttps://github.com/ossf/education/issues/48#issuecomment-1420936330, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AQRFDLECGG6SCN4PSLQ2XFDWWJQ2DANCNFSM6AAAAAASIJWWQY. You are receiving this because you were mentioned.Message ID: @.**@.>>
Managers who oversee software developers also need education!
First, they need "why it matters" - including past $ fines, big events, etc.
They also need to know what software developers need to know. They don't need to know it themselves, but managers need to know what to look for. Here's my propose list of knowledge areas:
This list of items is from "LINUX FOUNDATION & OPEN SOURCE SECURITY FOUNDATION INPUT TO CYBERSECURITY RFI FROM THE OCND" by Clyde Seepersad, David A. Wheeler, and John Ogle.
I'm sure they need to know other things!