What does HackerNews think of wg-securing-critical-projects?
Helping allocate resources to secure the critical open source projects we all depend on.
They can check out the Securing Critical Projects working group, https://github.com/ossf/wg-securing-critical-projects
There are a few ways that OpenSSF and member organizations are already funding direct security work for open source projects, and I'm hoping this expands significantly in the near term.
Disclosure: I'm the Googler that got this funded. The process was roughly:
- We have some extra budget at the end of the year! What are some ways we can spend this to get results while giving back to OSS?
- Hey PSF, do you have any ideas for what you could do with some funding?
- Looks good to me!
We're just getting started, but we're working on ways to make this all more sustainable, scalable, and less ad-hoc.
If you have ideas here, please reach out! I'm dlorenc at google dot com, or join in the OpenSSF (openssf.org)! We discuss these topics and more in the Securing Critical Projects WG, info here: https://github.com/ossf/wg-securing-critical-projects/