/wg-endusers

OpenSSF Endusers Working Group

Apache License 2.0Apache-2.0

OpenSSF End Users

Anyone is welcome to join our open discussions.

Quick Start

Meeting times

Every 2 weeks, Thursday 10am EST/3pm UTC. The meeting invite with zoom details is available on the public OSSF calendar

Meeting notes

Meeting notes are maintained in a Google Doc. If attending please add your name, and if a returning attendee, please change the color of your name from gray to black.

Areas that need contributions

  • WG Documentation
  • Others TBD

Where to file issues

Issues can be reviewed and filed here

Objective

The End User Working Group aims to ensure that the distinct and impactful voice of end users is heard in the development and delivery of the technical vision of The Open Source Security Foundation (OpenSSF).

Vision

The End Users Working Group (WG) represents the interests of public and private sector organizations that primarily consume open source rather than produce it.

We strive to:

  • Ensure that the use cases for end user consumption of open-source software are understood and factored into OSSF programs.
  • Provide the resources required by end users to develop and implement more efficient and effective strategies, processes, tools, best practices and solutions that secure software supply-chains.
  • Provide a forum for learning from the experience and insights of peers.
  • Create an End Users Working Group, with representation from key private industry, public sectors, and multiple geographical regions.
  • Establish end user representation and active participation in OpenSSF working groups and leadership, both in the TAC and the Governing Board.

Scope

Based on the objective, mission, and goals above, we look to deliver specific delivereables:

  • Ensure that the use cases for end user consumption of open-source software are understood and factored into OSSF programs.
    • Refine Personas document
    • Develop a high level architecture and threat model of an end user within the supply chain
    • Identify controls/checks of interest to end users when ingesting OSS / vendor software (OSSF Scorecard)
  • Provide the resources required by end users to develop and implement more efficient and effective strategies, processes, tools, best practices and solutions that secure software supply-chains
    • Bring more end users and their perspectives into the End Users Working Group, ensuring representation from as many industries, sectors and geographical regions as possible
    • Contact list showing multiple Linux Foundation groups contacted, individual companies also contacted
    • Development of guides, whitepapers, and materials focused on strategies and solutions for better security in software supply chains, open source software, and targeted towards end users.
      • Phase 1: Identify which guides / material is missing from existing material
  • Provide a forum for learning from the experience and insights of peers
    • Establish end user representation and active participation in OpenSSF leadership, both TAC and the Governing Board_
    • Create matrix to show representation within working groups
      • Identify sub-team / focus areas
        • Recruitment
        • Marketing
        • Promote best practices and outreach

Current Work

TBD

Related Activities

TBD

Governance

The CHARTER.md outlines the scope and governance of our group activities.

  • Lead - Jon Meadows
  • Co-Lead -

Project Maintainers

TBD

Project Collaborators

TBD

Project Contributors

TBD

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.