The role of the security SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by
- Implementing more secure software development culture:
- Secure software development best practices and tools (e.g. from the survey table),
- Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),
- Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
- LFIT security practice improvement,
- OpenSSF badging assistance.
- Identify cross open source project security issues and provide action recommendations.
- Keep track of the The Open Source Software Security Mobilization Plan implementation and identify touch points for LFN projects.
- Providing subject matter expertise to the TAC.
- Advising the TAC on security related issues.