ossf / wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆221Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for wg-metrics-and-metadata
- OpenSSF Security Tooling Working Group☆299Updated 6 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆180Updated last week
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆177Updated 9 months ago
- Technical Advisory Council☆109Updated this week
- Helping allocate resources to secure the critical open source projects we all depend on.☆331Updated last month
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated 8 months ago
- OpenSSF Working Group on Securing Software Repositories☆91Updated 3 weeks ago
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆150Updated this week
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆189Updated 2 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆179Updated last week
- A community collection of security reviews of open source software components.☆92Updated 8 months ago
- OpenSSF Governance and Legal Docs☆70Updated 5 months ago
- OpenVEX Specification☆131Updated 4 months ago
- Software Component Verification Standard (SCVS)☆135Updated 7 months ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.☆137Updated 2 years ago
- Generate a score for your sbom to understand if it will actually be useful.☆221Updated 3 months ago
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆365Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆169Updated 9 months ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆59Updated this week
- threatspec - continuous threat modeling, through code☆332Updated 3 years ago
- ☆228Updated this week
- Cryptography Bill of Materials☆58Updated last month
- ☆101Updated last month
- Stakeholder-Specific Vulnerability Categorization☆129Updated this week
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆84Updated 2 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆119Updated 5 months ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆180Updated last month
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆72Updated last month
- Open Source Software Secure Supply Chain Framework☆235Updated 2 years ago
- ☆80Updated this week