What is your member company? Erlang Ecosystem Foundation (EEF)
Identify which category their organization falls under: Non-profit
Link to your website: erlef.org
What is your organizational mission statement: Foster the community and development of Erlang, Elixir, Gleam and other BEAM computer languages; provide education and promote awareness to the public as well as stimulate enhancements to the ecosystem.
What drives your interest in joining the OpenSSF? Heightened regulatory requirements regarding cybersecurity from the EU, USA, Japan and UK will require all programming language ecosystems to raise their game. The Erlang VM (aka BEAM) supports Erlang, Elixir, Gleam and several other languages. While the BEAM, associated libraries, tooling and package managers have historically had a good reputation for scale and reliability, it is obvious that this new regulatory environment will require much more attention to cybersecurity and the EEF wants to support and leverage new industry standards and best practices.
What are your organization’s aspirations for contributing to the OpenSSF, and how do you anticipate that your membership will bolster the OpenSSF's growth and support? The BEAM community has approximately 20K active maintained OSS packages in use by thousands of production systems. Transaction volumes for such systems scale across many orders of magnitude from those of IoT devices, to vertical custom websites, to WhatsApp's back-end core. The EEF has resolved to lead the BEAM community in raising our game. Initially the community has to catch up on 'basic hygiene' activities. In the medium term, the ecosystem wants to support industry-leading supply chain practices.
Could you summarize your organization’s contributions to OpenSSF? Directly the EEF hasn't contributed to the OpenSSF yet. Indirectly the EEF will act as a multiplier in our community for the OpenSSF's messaging and objectives.
Please include any contributions made to OpenSSF or other OpenSSF projects and open-source projects developed using any OpenSSF dependencies. The core Erlang/OTP team have already made contributions to scorecard.dev.
How many developers do you expect to have contribute to OpenSSF projects in the next 6-12 months? Are there other roles such as researchers, analysts or any other positions that you plan on contributing? Directly from the EEF, 0-2. Indirectly from the community, unclear.
How do you currently leverage any OpenSSF resources in your organization? Starting in Q3 last year, the EEF has encouraged the core Erlang/OTP and Elixir language teams to start using Scorecard, Best Practices Badge, OSV, OpenVEX and the C/C++ Compiler Hardening Options Guide (for the BEAM VM). This year the community plans to expand across other systemically important projects.
Do you have signing authority for your entire institution? If no, who does? Yes
Do you agree to follow the OpenSSF Code of Conduct? Yes
1. Organizational Information/Alignment:
Organizational Mission Alignment:
Does the organization's mission statement align with the goals of OpenSSF, such as promoting open source security, enhancing software supply chain integrity, or contributing to cybersecurity education?
Yes
No
Non-Profit, Government, or Academic Status:
Is the organization a recognized non-profit, government agency, or academic institution?
Yes
No
Brand Alignment and Reputation:
Is the organization in good standing within its community and the broader open source ecosystem, with a reputation that aligns with OpenSSF's values and brand?
Yes
No
2. Commitment to Open Source Security and Contribution:
Commitment to Contribution:
Has the organization demonstrated a clear interest in actively contributing to the OpenSSF community through development, research, or other relevant activities?
Yes
No
Can the organization commit to contributing a specified minimum number of developers, researchers, analysts, or other professionals to OpenSSF projects within the next 6-12 months?
Yes
No
Commitment to Open Source Security:
Has the organization previously contributed to OpenSSF or other open-source projects?
Yes
No
If not, do they plan on contributing to the OpenSSF?
Does the organization maintain or contribute to open-source projects that use OpenSSF dependencies or tools?
Yes
No
Commitment to Open Source Security:
Does the organization have a history or a nascent plan to promote, improve, or contribute to open source security beyond its participation in OpenSSF?
Yes
No
Utilization of OpenSSF Resources:
Does the organization currently leverage OpenSSF resources, tools, or frameworks within its operations or projects?
Yes
No
Educational and Community Engagement:
Does the organization engage in educational activities, community outreach, or other efforts to spread awareness about open source security?
Yes
No
3. Compliance and Ethics:
Open Source Licensing and Compliance:
Does the organization adhere to open source licensing standards and demonstrate compliance with open source security best practices?
Yes
No
No Conflict of Interest:
Can the organization certify that its membership and contributions to OpenSSF will not pose a conflict of interest with the foundation's objectives and policies?
Yes
No
What is your name? Alistair Woodman
What is your email? [email protected]