Stakeholder analysis

[hythloda]

We need to perform a stakeholder analysis is to outline the key stakeholders and their needs for the project. It is important to have a clear understanding of each stakeholder and what they are expecting from the project from the start.

[SecurityCRob]

I'll start us out, patches/comments welcome.
From my perspective we need to address the following audiences with our collective work:

• Open Source maintainers/developers/projects: need useful tools, processes, and training to do their jobs securely, with minimal friction and loss of velocity.
• The OpenSSF Membership: similar needs to maintainers, but also focus on supply chain security.
• The OpenSSF Governing Board: needs clear data and updates on foundation activities to make business decisions.
• Open Source Consumers: need tools and signals to understand and evaluate the security qualities of the software they are using and the supply chains it is created in.
• Other Open Source Foundations/Standards Bodies: needs collaboration on areas of shared interest and in the furtherance of the open source ecosystem.

[gkunz]

Additional groups could include security researchers and policy makers (OSPOs thereof).

[sevansdell]

@hythloda / @SecurityCRob where should this stakeholder analysis live? Is this a staff document, TAC process page, or something else? I recommend we post what we have to date, and iterate as needed.