Closed SecurityCRob closed 11 months ago
A common challenge to those wanting to (or being driven to) move to memory safer programming languages is the extreme hurdle of legacy code. What could we do to ease this transition?
I've summarized the comments/feedback to date into a "TL/DR" version that sits at the bottom of our gdoc. Pasting here for documentation in our issue:
TL/DR BEST MVSR
Mission: Our Mission is to provide open source developers with best practices recommendations and easy ways to learn and apply them. We seek to fortify the open-source ecosystem by championing and embedding best security practices, thereby creating a digital environment where both developers and users can trust and rely on open-source solutions without hesitation.
Vision: We envision a world where software developers can easily IDENTIFY good practices, requirements and tools that help them create and maintain secure world-class software, helping foster a community where security knowledge is shared and amplified. We seek to provide means to LEARN techniques of writing and identifying secure software using methods best suited to learners of all types. We desire to provide tools to help developers ADOPT these good practices seamlessly into their daily work.
Strategy:
Roadmap: To deliver on our Strategy, the BEST Working Group will do the following:
This is a challenge our Memory Safety SIG (https://github.com/ossf/Memory-Safety) is attempting to tackle, @ccpalmer. Any thoughts you may have are welcome!
The group talked through and approved the 1st draft of the MVSR for the team. We will continue to refine and update it via PRs going forward.
MVSR (Mission, Vision, Strategy, Roadmap)[1] is a tool that helps provide a consistent way of expressing our goals and efforts across the foundation. All working groups have been asked to express themselves using this format, which should also help the group plan for future work/projects. All are welcome to participate; I've created a copy[2] of the template for our group to use in this exercise. I've provided an example of how an MVSR could look from the Security Toolbelt group[3] for reference.
[1] - https://docs.google.com/document/d/1p6hOlE4eH1xvQ9pP7swCH2tmIJJ-6G3vnYI8MDzSCQk/edit
[2] - https://docs.google.com/document/d/1_l6Yvvjmg2QMqVnWlgw9l6L2Xug2dHnkuZgK5CsDSak/edit
[3] - https://github.com/ossf/Diagrammers-Society/tree/main/SecurityToolbelt