ossf / wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆222Updated last year
Alternatives and similar repositories for wg-metrics-and-metadata:
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
- OpenSSF Security Tooling Working Group☆309Updated 11 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆187Updated 3 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆181Updated last year
- Helping allocate resources to secure the critical open source projects we all depend on.☆353Updated 6 months ago
- Technical Advisory Council☆122Updated last week
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- OpenSSF Governance and Legal Docs☆73Updated 3 months ago
- OpenSSF Working Group on Securing Software Repositories☆103Updated last week
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆207Updated 2 months ago
- Software Component Verification Standard (SCVS)☆143Updated 3 weeks ago
- Open Source Vulnerability schema.☆198Updated 2 weeks ago
- A community collection of security reviews of open source software components.☆93Updated last year
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆170Updated last week
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆196Updated last month
- A reading list for software supply-chain security.☆362Updated 2 years ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.☆137Updated 2 years ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆193Updated last week
- OpenVEX Specification☆145Updated 3 weeks ago
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 8 months ago
- OpenSSF Endusers Working Group☆28Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆120Updated 3 months ago
- ☆234Updated last week
- ☆100Updated 6 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆171Updated 5 months ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆315Updated last year
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆395Updated last week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆130Updated last year
- Stakeholder-Specific Vulnerability Categorization☆146Updated last week
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆88Updated last week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago