Home

Awesome

OpenVEX SIG

<img align="right" src="https://github.com/ossf/OpenVEX/blob/main/OSSF-VEX.png" width="400" height="400">

The OpenSSF's OpenVEX Special Interest Group (SIG) is a group dedicated to the transparent sharing of vulnerability data through open formats, like VEX, so that participatants throughout the open source software supply chain have clear signals and better understanding of the impact of security vulnerabilities to the software and components they produce, depend upon, consumer, and deliver.

The group has two primary foci:

Motivation

[Background / use cases of the problem to be solved]

Objective

[What is to be achieved with this initiative]

[OKRs - OPTIONAL]

Scope

[What is in and out of scope]

Prior Work

Get Involved

Quick Start

Meeting Times

The OpenVEX Community meets every other Monday at 12:00 PDT / 21:00 CET. Our meetings are listed on the OpenSSF's Public Calendar. We alternate between a community/advocacy call and a technical call, all are welcome to both!

Governance

[TODO: Update this link to your specific CHARTER.md file] The CHARTER.md outlines the scope and governance of our group activities.

Team Members

SIG Maintainers

SIG Collaborators

SIG Contributors

Intellectual Property

In accordance with the OpenSSF Charter (PDF), work produced by this group is licensed as follows:

[TODO: Select below the applicable license(s), delete those that don't apply, and update the LICENSE file accordingly. For specification development refer to the specific instructions on the Community Specification Getting Started page.

Note that for source code, instead of Apache, you may choose to use the MIT License available at https://opensource.org/licenses/MIT. Otherwise, no other license than those listed here may be used without approval from the Governing Board.]

  1. Software source code
  1. Data
  1. Specifications
  1. All other Documentation