The role of the security SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by
- Implementing more secure software development best practices and tools
- Secure software development best practices and tools (e.g. from the survey table),
- Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),
- Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
- LFIT security practice improvement,
- OpenSSF badging assistance.
- Providing subject matter expertise to the TAC.
- Advising the TAC on security related issues.