...
The scope of this seat will include, but not be limited to:
The role of the security SME is to work with project TSCs, the TAC and
...
the LFNGB to improve the security of the code produced by LFN projects by
Implementing more secure software development culture:
Secure software development best practices and tools (e.g. from the survey table),
Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades)
- Role #2
- Role #3
- ....
- Provide
,
Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
LFIT security practice improvement,
OpenSSF badging assistance.
Identify cross open source project security issues and provide action recommendations.
Keep track of the The Open Source Software Security Mobilization Plan implementation and identify touch points for LFN projects.
Providing subject matter expertise to the TAC
and advise.
Advising the TAC on security related issues.