2024 Security Seat Election
The scope of this seat will include, but not be limited to:
The role of the security SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by
Implementing a more secure software development culture:
Secure software development best practices and tools (e.g. from the survey table),
Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),
Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,
LFIT security practice improvement,
OpenSSF badging assistance.
Identifying cross open source project security issues and providing action recommendations.
Keeping track of The Open Source Software Security Mobilization Plan implementation and identifying touch points for LFN projects.
Providing subject matter expertise to the TAC.
Advising the TAC on security related issues.
Election Mechanics
How to nominate yourself
The election process occurs in two phases: the Nomination phase and the Election phase.
Self Nomination Phase
Individuals interested in running for this position must update this wiki page with their biography and a statement of intent on why they would be a good person to hold this position.
The nomination phase starts on Oct 17, 2024 and will conclude on Oct 31, 2024 17:00 PDT.
Election Phase
If there are multiple nominees: A Condorcet election will be initiated by the LF using a ranked choice voting platform. All TAC members will receive an invitation to vote. In the case of multiple candidates the timing is as follows:
The election phase will begin with the distribution of the vote via email
The election phase will end four (4) full business days later in the same time zone the poll was initiated from (typically PDT).
Information on Candidates
Name: Amy Zwarico
Company: AT&T
Short Biography: Amy Zwarico is a Cybersecurity Expert in AT&T’s Chief Security office, specializing in 5G, software, and open source security. She is an active security contributor to the O-RAN Alliance and to Linux Foundation Networking. Amy has worked in the telco industry for 30 years, beginning with BellSouth and then with AT&T, where she began her career implementing web-based integrations to BSS/OSS systems. For the past 25 years she has focused on mobility security, application security, cloud security, and applied cryptography. She holds a PhD in Computer and Information Science from the University of Pennsylvania.
Statement of Intent: If I am elected to this position, I will continue to lead the LFN in defining actionable standards that will help LFN projects produce secure code.