What does HackerNews think of wg-securing-critical-projects?

'Securing Open Source Software Act' introduced to US Senate | Sep 2022

OMG :) OpenSSF will love that story! Straight into the documentation Hall of Fame.

They can check out the Securing Critical Projects working group, https://github.com/ossf/wg-securing-critical-projects

Open Source Security Foundation | Mar 2021

There are active discussions around this, especially in the Securing Critical Projects working group (https://github.com/ossf/wg-securing-critical-projects). These resources will always be scarce relative to the number of open source projects that could benefit, so there's a large focus on developer best practices, improved tooling, and "secure by default" configurations. These are described in the working group README pages (https://github.com/ossf) in more detail.

There are a few ways that OpenSSF and member organizations are already funding direct security work for open source projects, and I'm hoping this expands significantly in the near term.

Google is now a Visionary Sponsor of the Python Software Foundation | Feb 2021

All the overthinking on motivations here is entertaining :)

Disclosure: I'm the Googler that got this funded. The process was roughly:

- We have some extra budget at the end of the year! What are some ways we can spend this to get results while giving back to OSS?

- Hey PSF, do you have any ideas for what you could do with some funding?

- Looks good to me!

We're just getting started, but we're working on ways to make this all more sustainable, scalable, and less ad-hoc.

If you have ideas here, please reach out! I'm dlorenc at google dot com, or join in the OpenSSF (openssf.org)! We discuss these topics and more in the Securing Critical Projects WG, info here: https://github.com/ossf/wg-securing-critical-projects/