ossf / wg-metrics-and-metadataLinks
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
☆223Updated last year
Alternatives and similar repositories for wg-metrics-and-metadata
Users that are interested in wg-metrics-and-metadata are comparing it to the libraries listed below
Sorting:
- OpenSSF Security Tooling Working Group☆322Updated 6 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆206Updated 3 months ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆195Updated last month
- Technical Advisory Council☆134Updated last week
- Helping allocate resources to secure the critical open source projects we all depend on.☆381Updated 8 months ago
- Software Component Verification Standard (SCVS)☆153Updated 9 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆204Updated last week
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆214Updated 2 months ago
- ☆134Updated last week
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆135Updated last month
- ☆102Updated last year
- OpenSSF Working Group on Securing Software Repositories☆125Updated 3 weeks ago
- Secure Software Development Fundamentals courses (from the OpenSSF Best Practices WG)☆197Updated 3 weeks ago
- OpenVEX Specification☆163Updated 7 months ago
- A community collection of security reviews of open source software components.☆96Updated last year
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆223Updated 7 months ago
- threatspec - continuous threat modeling, through code☆371Updated 5 years ago
- OpenSSF Endusers Working Group☆28Updated last year
- Generate a score for your sbom to understand if it will actually be useful.☆236Updated last year
- OWASP Foundation Web Respository☆28Updated 3 weeks ago
- Machine-readable specification for the attestation of security-relevant data.☆69Updated last week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…☆467Updated this week
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆110Updated last week
- OpenSSF Governance and Legal Docs☆74Updated 4 months ago
- The Elevation of Privilege Threat Modeling Game☆337Updated last year
- Open Source Vulnerability schema.☆221Updated 2 weeks ago
- Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption☆111Updated last month
- Stakeholder-Specific Vulnerability Categorization☆168Updated last week
- App that simplifies building decision trees to model adverse scenarios☆224Updated last year