The scope of this seat will include, but not be limited to:
The role of the security SME is to work
...
with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by
- Implementing GB to implement more secure software development culture:
- Secure software development best practices and tools (e.g. from the survey table),
- Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades)
- Role #2
- Role #3
- ....
- ,
- Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
- LFIT security practice improvement,
- OpenSSF badging assistance.
- Identify cross open source project security issues and provide action recommendations.
- Keep track of the The Open Source Software Security Mobilization Plan implementation and identify touch points for LFN projects.
- Providing Provide subject matter expertise to the TAC and advise .
- Advising the TAC on security related issues.