ossf / wg-vulnerability-disclosures

The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping mature and advocate well-managed vulnerability reporting and communication.
https://openssf.org
Apache License 2.0

Project Idea - CVD Guide for OSS Consumers #115

Open SecurityCRob opened 1 year ago

SecurityCRob commented 1 year ago

Following along with our two existing CVD guides, what guidance can we share with open source consumers around OSS CVD, vuln mgmt, or resources they should get involved in on this topic?

yogeshnmittal commented 1 year ago

@ByteHackr (Sandipan Roy, Red Hat) is interested in being a part of the sub-working group or SIG for this project. I am posting here on his behalf, as he requested.

SecurityCRob commented 1 year ago

I've started the outline for the consumer CVD guide: https://docs.google.com/document/d/1aceGbHm_NQWCWRWnoELNLWL-S72CR79CaEA6mnYkyo0/edit

We'll start collaborating on this in the coming weeks along with the End Users WG.

roberthstrand commented 10 months ago

I want to help with this. It is a topic that I want to deep dive into, and I would like to contribute to something from the End Users WG perspective.