/
Security SME seat role definition

Security SME seat role definition

Owned by Ranny Haiby
Last updated: Oct 16, 2024 by Casey Cain
1 min read

The scope of this seat will include, but not be limited to:

The role of the security SME is to work with project TSCs, the TAC and the LFNGB to improve the security of the code produced by LFN projects by

  • Implementing more secure software development culture:

    • Secure software development best practices and tools (e.g. from the survey table),

    • Software development best practices and tools that decrease the vulnerabilities in LFN project code (code scanning, package upgrades),

    • Software supply chain security best practices (SBOM, code/container signing) to increase the security transparency of LFN project code,

    • LFIT security practice improvement,

    • OpenSSF badging assistance.

  • Identify cross open source project security issues and provide action recommendations.

  • Keep track of the The Open Source Software Security Mobilization Plan implementation and identify touch points for LFN projects.

  • Providing subject matter expertise to the TAC.

  • Advising the TAC on security related issues.