A Deep Dive into the Open Source Project Security (OSPS) Baseline

04/11/2025 32 min Season 2 Episode 21

Episode Synopsis

In this episode of "What's in the SOSS," CRob, Ben Cotton, and Eddie Knight discuss the Open Source Project Security (OSPS) Baseline. The Baseline provides a common language and a control catalog for software security, so that maintainers can demonstrate their project's security posture and consumers can have more confidence in the open source projects they depend on. They explore how the Baseline integrates with other OpenSSF projects, walk through real-world applications such as the GUAC case study, and discuss its value to maintainers and other stakeholders. The role of documentation in security is emphasized, since clear documentation is what lets downstream users deploy software securely. The effectiveness of the Baseline is validated through real-world applications and refined by community feedback, with future improvements focusing on better tooling and mapping of the controls to standards and regulations.

Episode Chapters

00:00 - Welcome & Introductions
02:40 - Understanding the Open Source Project Security Baseline
05:54 - The Importance of Defining a Security Baseline
08:49 - Integrating Baseline with Other OpenSSF Projects
11:42 - Real-World Applications: The GUAC Case Study
14:21 - Value for Maintainers and Other Stakeholders
17:29 - The Role of Documentation in Security
20:37 - Future Directions for the Baseline and ORBIT
23:26 - Community Engagement and Feedback

Episode links:

Ben Cotton's LinkedIn page
Eddie Knight's LinkedIn page
OSPS Baseline website
OSPS Baseline GitHub
OSPS Baseline Slack
OSPS ORBIT Working Group
OpenSSF Tech Talk: How to use the OSPS Baseline to Better Navigate Standards and Regulations
Gemara project
GUAC project
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
