Merge pull request #354 from ossf/Danajoyluck-patch-2

Create security_baseline_sandbox_stage.md
ossf · Jul 23, 2024 · 9f28023 · 9f28023
2 parents 914f2e9 + 05ff0ed
commit 9f28023
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/process/sig-lifecycle-documents/security_baseline_sandbox_stage.md b/process/sig-lifecycle-documents/security_baseline_sandbox_stage.md
@@ -0,0 +1,44 @@
+## Creation of a new Special Interest Group (SIG) at Sandbox stage
+
+### Proposed focus, intent, goals, and/or deliverables
+
+The goal of this SIG is to evolve [OpenSSF security baseline](https://github.com/ossf/tac/blob/a90b9838739ac18df43197fdd89f045c1a1e4dc3/process/security_baseline.md) for Linux Foundation wide adoption.
+
+For OpenSSF adoption of the security baseline, there needs to be a home for tracking the adoption, for maintainers to raise issues to refine the security baseline, merge the baseline back to TAC lifecycle, and for OpenSSF to develop the roadmap for the security baseline. It will provide a venue for early adopters to share their reusable code and findings with other maintainers. The pilot adoption builds the foundation for wider adoption of the security baseline in OpenSSF and in Linux Foundation.  
+
+This SIG creates a venue for other participating foundations to help evolve the OpenSSF security baseline into a security baseline that can be applied to a broad range of software-based projects. The group will define the right level of risks that the security baseline is applicable for, the effectiveness measurement of the security baseline, and the adoption path of the security baseline at the minimum.
+
+Members of this group will be from various Linux foundations and entities outside of Linux Foundation. Reducing duplicate effort and achieving a higher level of security across Linux FOundation participating foundations is one of the goals of the group. 
+
+
+### List SIG Lead(s)
+The SIG must have a minimum of 1 Lead
+  * Eddie Knight, OpenSSF Security Insights lead, Sonatype, GitHub ID: eddie-knight
+  * Michael Lieberman, OpenSSF GUAC lead, Kusari, GitHub ID: mlieberman85
+
+### List of interested individuals
+The SIG have a minimum of 3 members with 2 different organizational affiliations.
+  * Adolfo "Puerco" García Veytia, CNCF kubernetes SIG Release Technical Lead, OpenSSF Protobom, OpenVEX maintainer, Staklock, GitHub ID: puerco
+  * Justin Cappos, CNCG TUF, in-toto, Uptane, OpenSSF gittuf maintainer, New York University.  GitHUb ID: JustinCappos
+  * David Wheeler, OpenSSF Best Practice Badge maintainer, OpenSSF, GitHub ID: david-a-wheeler
+  * Dana Wang, OpenSSF security baseline maintainer, OpenSSF, GitHub ID: danajoyluck
+
+### Governing Body
+SIGs may report to an existing OpenSSF Working Group or directly to the TAC as their governing body. The SIG commits to providing the governing body quarterly updates on progress.
+  * Security Best Practices Working Group
+
+CRob and Dana Wang had conversations about this initiative. CRob has agreed to be the sponsor of this SIG and welcome the group to join Security Best Practices Working Group. 
+
+### SIG References
+The SIG should provide a list of existing resources with links to the repository, and if available, website, a roadmap, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the SIG.
+| Reference           | URL |
+|---------------------|-----|
+| Repo                |     |
+| Meeting Agenda      |     |
+| OSSF Calendar Entry |     |
+| Website             |     |
+| Security.md         |     |
+| Roadmap             |     |
+| code-of-conduct.md  |     |
+| Demos               |     |
+| Other               |   [OpenSSF security baseline](https://github.com/ossf/tac/blob/a90b9838739ac18df43197fdd89f045c1a1e4dc3/process/security_baseline.md)   |