Awesome
OpenVEX SIG
<img align="right" src="https://github.com/ossf/OpenVEX/blob/main/OSSF-VEX.png" width="400" height="400">The OpenSSF's OpenVEX Special Interest Group (SIG) is a group dedicated to the transparent sharing of vulnerability data through open formats, like VEX, so that participatants throughout the open source software supply chain have clear signals and better understanding of the impact of security vulnerabilities to the software and components they produce, depend upon, consumer, and deliver.
The group has two primary foci:
- The maintenance and upkeep of the OpenVEX spec and tooling
- Promotion of sharing of vulnerability infomration through formats such as VEX, evangelization and support transmitting VEX information throughout the open source ecosystem, working with industry groups, standards bodies, and tooling projects to promote universal use of VEX as a means to communicate affectedness of software to vulnerabilities.
Motivation
[Background / use cases of the problem to be solved]
Objective
[What is to be achieved with this initiative]
[OKRs - OPTIONAL]
Scope
[What is in and out of scope]
Prior Work
- List of prior and/or related projects
Get Involved
- Official communications occur on the [OpenVEX SIG Mailing List] (https://lists.openssf.org/g/openssf-sig-openvex). Manage your subscriptions to Open SSF mailing lists.
- Slack Channel #openssf-sig-openvex
Quick Start
- Areas that need contributions
- Where to file issues
Meeting Times
The OpenVEX Community meets every other Monday at 12:00 PDT / 21:00 CET. Our meetings are listed on the OpenSSF's Public Calendar. We alternate between a community/advocacy call and a technical call, all are welcome to both!
- Zoom Link: https://zoom.us/j/99998407618
- Meeting Minutes
Governance
[TODO: Update this link to your specific CHARTER.md file] The CHARTER.md outlines the scope and governance of our group activities.
Team Members
- Technical Lead name - Adolfo García Veytia (aka puerco)
- Evangelism Lead name - Jay White
SIG Maintainers
SIG Collaborators
- Rose Judge, VMWare
- Art Manion, ANALYGENCE
- Isaac Hepworth, Google
- Madison Oliver, GitHub
- Yotam Perkal, Rezilion
- Alex Goodman, Anchore
SIG Contributors
Intellectual Property
In accordance with the OpenSSF Charter (PDF), work produced by this group is licensed as follows:
[TODO: Select below the applicable license(s), delete those that don't apply, and update the LICENSE file accordingly. For specification development refer to the specific instructions on the Community Specification Getting Started page.
Note that for source code, instead of Apache, you may choose to use the MIT License available at https://opensource.org/licenses/MIT. Otherwise, no other license than those listed here may be used without approval from the Governing Board.]
- Software source code
- Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0;
- Data
- Any of the Community Data License Agreements, available at https://www.cdla.io;
- Specifications
- Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0
- All other Documentation
- Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/