
Security Review Matrix


Olaf Renner Muddasar Ahmed Amy Zwarico

This is a drafting space for LFN Quality and Security goals:

  1. Define common quality and security goals across LFN projects

  2. Define metrics and tools to measure and verify if goals are reached

  3. Define templates to guide, document and review project progress

Available resources:

Quality Goal

LFN Wiki

Project Vitals

Project Data Template (currently used both for induction and health review)

LFN Lifecycle states and guidelines (metrics per lifecycle stage)

LFN Security Forum Best Practices

  • Project Name ☑️
  • Project Creation Date ☑️
  • Project License ☑️
  • Community Size ☑️
  • Contributing organizations (Diversity) ☑️ ☑️
  • Number of contributors ☑️
  • Legal Details and checks
  • Lifecycle Stage ☑️
  • Release schedule ☑️
  • Adoption ☑️

Project & Community Resources

  • Website ☑️
  • Wiki ☑️
  • Mailing List ☑️
  • Slack ☑️
  • Community Meetings ☑️

Project Governance

  • TSC/TOC ☑️ ☑️
  • Charter ☑️
  • Code of Conduct ☑️
  • How to contribute ☑️ ☑️
  • Project Roles ☑️ ☑️
  • Maintainers ☑️ ☑️
  • How to Review ☑️ ☑️
  • Adding/Removing PTLs ☑️ ☑️
  • Sub-Project Lifecycle ☑️ ☑️
  • Dispute Resolution ☑️ ☑️
  • Adding/removing committers ☑️ ☑️
  • Dispute resolution ☑️
  • Sub-projects without a lead ☑️

Use Case / Problem Statement

  • Problem that project solves ☑️
  • Use Case Scenarios ☑️

Infrastructure Tooling

  • Wiki ☑️
  • Repos ☑️
  • Bug Tracking tool ☑️
  • Code review ☑️
  • Documentation ☑️
  • CI/CD tooling ☑️
  • Collaboration Tooling ☑️

Roadmap

  • Near/long-term objectives ☑️
  • Milestones ☑️
  • Risks/Challenges ☑️
  • Timeline ☑️

Security Best Practices

  • Security Contacts
  • Security Policy
  • Code Scanning ☑️
  • Seed code handoff ☑️
  • Coding Standards ☑️ ☑️
  • Security design principles ☑️ OSSF Scorecard
  • Vulnerability Reporting ☑️
  • Demonstrate Security Awareness ☑️
  • Practice Secure Lifecycle Management (per release) ☑️
  • Documentation ☑️
  • CI/CD best practices ☑️
  • Secure project architecture ☑️
  • Supply Chain Security ☑️
  • SBOM creation ☑️
