From 21fe45984f4e8ed6b2eb5123398603e8e2955827 Mon Sep 17 00:00:00 2001 From: Amanda L Martin Date: Thu, 6 Jun 2024 12:50:50 -0400 Subject: [PATCH] minutes through Feb Signed-off-by: Amanda L Martin --- Governing Board Public Minutes/2023-12-12.md | 622 +++++++++++++++++++ Governing Board Public Minutes/2024-2-15.md | 611 ++++++++++++++++++ 2 files changed, 1233 insertions(+) create mode 100644 Governing Board Public Minutes/2023-12-12.md create mode 100644 Governing Board Public Minutes/2024-2-15.md diff --git a/Governing Board Public Minutes/2023-12-12.md b/Governing Board Public Minutes/2023-12-12.md new file mode 100644 index 0000000..5430a77 --- /dev/null +++ b/Governing Board Public Minutes/2023-12-12.md @@ -0,0 +1,622 @@ + +![OpenSSFLogo](https://user-images.githubusercontent.com/51727488/232104184-d3c38a36-cf1e-487f-aba2-c2d548e3f7ef.png) + + +**The Open Source Security Foundation** + +MINUTES OF GOVERNING BOARD (FOR PUBLIC RELEASE) + +12 December 2023 + + + +A meeting of the Governing Board of the Open Source Security Foundation was held on 12 December 2023 at 12:00 am Eastern Time via d teleconference. + +**Governing Board Members In Attendance** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Company + + Governing Board Voting Member + + Governing Board Observer +
Apple + X + Kelly Ann + + Mike Hepple +
Atlassian + + Bala Sathiamurthy + + Robbie Gallagher +
AWS Security + X + Mark Ryland + + Henri Yandell +
Capital One + + Mike Benjamin + + Nureen D'Souza +
Cisco + + Stephen Augustus + + Ed Warnicke +
Citi + X + Jonathan Meadows + + +
Dell Technologies + + John Roese + X + Sarah Evans +
Ericsson + X + Per Beming + X + Georg Kunz +
GitHub + X + Mike Hanley + + Mike Linksvayer +
Google + X + Eric Brewer + X + Anne Bertucio +
Huawei + X + Jingou Cui + + Liang Xu +
IBM Corporation + X + Jamie Thomas (Chair) + + Jeff Borek +
Intel + X + Arun Gupta + X + Ryan Ware +
JP Morgan Chase + + Rao Lakkakula + + Benjamin Flatgard +
Meta + + Steve Clarke + + Chris Rohlf +
Microsoft + X + Mark Russinovich + + Stephen Walli +
Morgan Stanley + X + Declan O’Donovan + + Gaja Anand +
Oracle + + John Heimann + + Wim Coekaerts +
Red Hat + X + Vincent Danen + + Chris Wright +
Sonatype + + Brian Fox + X + Jeff Wayman +
VMWare + + Chip Childers + + Tim Pepper +
Wipro + + Subha Tatavarti + + +
Socket (General Mem. Rep) + + Bradley Meck Farias + + +
JFrog (General Mem. Rep) + X + Stephen Chin + + +
OWASP (Assoc. Mem. Rep) + X + Andrew van der Stock + + +
Intel (TAC Representative) + X + CRob Robinson + + Arnaud Le Hors +
SCIR + + Luke Hinds + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OpenSSF and Linux Foundation Staff + + +
General Manager, OpenSSF + X + Omkar Arasaratnam +
Chief of Staff, OpenSSF + X + Harry Toor +
Ecosystem Strategist, OpenSSF + X + Bennett Pursell +
Technical Project Manager, OpenSSF + X + Adrianne Marcum +
VP of Open Source Supply Chain Security + X + David A. Wheeler +
Director of Program Management + X + Amanda Martin +
Program Manager + + Khahil White +
Chief Architect + X + Dana Wang +
Community Manager + + Cheuk Ho +
Program Coordinator + X + Reden Martinez +
Sr. Marketing Manager + X + Jennifer Bly +
Inside Sales Representative & Manager + X + Randi Armour +
Executive Director, The Linux Foundation + + Jim Zemlin +
SVP, GM of Projects, The Linux Foundation + + Mike Dolan +
SVP of Program Operations, The Linux Foundation + + Todd Moore +
+ + + +### Introduction + +Omkhar Arasaratnam (OA) called the meeting to order at 11:04 am Eastern Time, Reden Martinez (RM), Dr. Amanda Martin (DM) and Adrianne Marcum (AM) recorded the minutes. A quorum of Governing Board Members was established for the conduct of business, and the meeting, having been duly convened, was ready to proceed with business. + + +### Attendance, Antitrust, Voting + +OA introduced the objectives and agenda for the meeting. There were no additional topics added. + +OA reminded the Governing Board of the Linux Foundation [antitrust policy](http://www.linuxfoundation.org/antitrust-policy) notice to which all meetings must adhere. + + +### Approval of Minutes + +* RESOLVED: That the minutes of the October 23th, 2023 meeting of the Board of Directors, in the form attached hereto as Exhibit A, are hereby confirmed, approved and adopted. Minutes attached as Exhibit A. + * Stephen Chin motioned to approve. + * Eric Brewer seconded the motion. + * All in favor; motion carried. + + +### 2024 Premier Member losses + +* OA reviewed the loss and findings from exit interviews. Members mentioned that economic factors likely played a role as well and that new staff is now getting up to speed so 2024 will be smoother. Suggestion to survey GB members regularly, specifically less-engaged members, to gain better insights on satisfaction with the foundation. +* Noted that the members that left or downgrade are not active members for a while. +* Members understand the loss and there was a time of forming, norming and storming. Looking forward to next year with full staff. + + +### Approval of Budget + +* Eric Brewer reviewed the budget for 2024, highlighting that we are spending into the surplus and reforecasting in May. +* Goal is to revisit the budget every quarter and would like to do this in future years. +* General approval of the budget and agreement that May is a good time to revisit. 
+* Ops model representation wants to share that the bottom two lines are new and important for the community. +* [WE HEREBY APPROVE/]: That the OpenSSF Budget Overview for 2024 as defined in the attached in [Exhibit B](https://docs.google.com/document/d/1qFXFixlmgBuP122vpGxamnHXXTL_BsIGAgu05FZkaGE/edit#heading=h.9wss66n5p0gl) is approved. +[/RESOLVED] + * Eric Brewer motioned to approve. + * Jamie Thomas seconded the motion. + * All in favor; motion carried. + +### Supplemental Funding Concept + +* OA reviewed the model as discussed with Dolan. +* [WE HEREBY APPROVE/]: The supplemental funding concept and delegate the operational details of the funding model procedures to the Governance Committee. [/RESOLVED] + * Arun Gupta motioned to approve. + * Andrew van der Stock seconded the motion. + * All in favor; motion carried. + + +### Governance Committee + + + +* Jeff Borek (JB) reviewed the GC updates including upcoming voting and attendance requirements to maintain voting seats. + + +### Ops-Model Temporary Committee Update + + + +* Sarah Evans (SE) reviewed Ops Model Committee accomplishments. + +[WE HEREBY APPROVE/]: A resolution to: + + + +* separate the Charter (as edited in Exhibit I) into a cleaned up Charter and distinct Policy and Procedure Resolution(s). +* seek LF Legal review of Charter changes (as edited in Exhibit I) prior to a Governing Board vote on charter amendment. +* publish both all P&Ps in a publicly accessible location. +* adopt a rule in the OpenSSF P&P, that all P&Ps will be reviewed annually by the Governing Board, and routinely amended as policies and procedures are updated, added, and deleted. +* to include the lazy consensus mechanism in the Charter, subject to LF legal review, and directs that the Charter language be cleaned up for readability, consistency, and deduplication or overuse of undefined terms. [/RESOLVED] + * Stephen Chin motioned to approve. + * CRob seconded the motion. + * All in favor; motion carried. 
+ +[WE HEREBY APPROVE/]: A resolution to: + + + +* provide each historical committee of the board a defined scope with common governance aligned to the OpenSSF P&P; including individual scope, expectations and any delegated authority. +* Directs that temporary committees of the board may follow these same processes for establishment. [/RESOLVED] + * Arun Gupta motioned to approve. + * Brain Fox seconded the motion. + * All in favor; motion carried. + + +### TAC Update + +* CRob reviewed the TAC update including Technical Initiative (TI, includes WG/SIG/Projects) changes to consistent life cycles, TI requirements and benefits (Gives and Gets), and TAC Policies and Procedures. + + +### MVSR Temporary Committee Update + + + +* SE reviewed the MVSR update including transitioning the Roadmap (R) under the iterative GB P&P rather than a temporary committee and recommendation to complete the roadmap in 2024 Q1. Member recommended having a roadmap ready asap to get spending underway prior to the May budget reforecasting effort. + + +### Elections + + + +* DM reviewed the elections to be completed through the end of 2023 including Associate Member, General Member, and SCIR Member GB representatives, TAC Community seats (#??), and GC backfill seats (2). +* DM reviewed the elections to be completed by February 2024 including TAC Chair and Vice Chair, and BC/GC/MC/PPC Committee Member seats. + + +### Closing + +OA called for additional topics and gave an expression of gratitude for all the work and accomplishments of this year. OA called the meeting to a close, and the meeting of the Governing Board adjourned at 11:57 PM Eastern Time. + + +### Decisions + + + +1. The 2024 Budget was approved +2. The supplemental funding concept and delegate the operational details of the funding model procedures to the Governance Committee was approved +3. The resolution below was approved: + 1. 
separate the Charter (as edited in Exhibit I) into a cleaned up Charter and distinct Policy and Procedure Resolution(s). + 2. seek LF Legal review of Charter changes (as edited in Exhibit I) prior to a Governing Board vote on charter amendment. + 3. publish both all P&Ps in a publicly accessible location. + 4. adopt a rule in the OpenSSF P&P, that all P&Ps will be reviewed annually by the Governing Board, and routinely amended as policies and procedures are updated, added, and deleted. + 5. to include the lazy consensus mechanism in the Charter, subject to LF legal review, and directs that the Charter language be cleaned up for readability, consistency, and deduplication or overuse of undefined terms +4. The resolution below was approved: + 6. provide each historical committee of the board a defined scope with common governance aligned to the OpenSSF P&P; including individual scope, expectations and any delegated authority. + 7. Directs that temporary committees of the board may follow these same processes for establishment. + +**Action Items** + + + +* n/a \ No newline at end of file diff --git a/Governing Board Public Minutes/2024-2-15.md b/Governing Board Public Minutes/2024-2-15.md new file mode 100644 index 0000000..651f138 --- /dev/null +++ b/Governing Board Public Minutes/2024-2-15.md 
@@ -0,0 +1,611 @@ + +![OpenSSFLogo](https://user-images.githubusercontent.com/51727488/232104184-d3c38a36-cf1e-487f-aba2-c2d548e3f7ef.png) + + +**The Open Source Security Foundation** + +MINUTES OF GOVERNING BOARD (FOR PUBLIC RELEASE) + + +15 February 2024 + + + +A meeting of the Governing Board of the Open Source Security Foundation was held on 15 February 2024 at 12:00 am Eastern Time via d teleconference. + +**Governing Board Members In Attendance** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Company + + Governing Board Voting Member + + Governing Board Observer +
Apple + X + Kelly Ann + X + Mike Hepple +
AWS Security + X + Mark Ryland + + Henri Yandell +
Capital One + + Mike Benjamin + + Nureen D'Souza +
Cisco + + Stephen Augustus + + Ed Warnicke +
Citi + X + Jonathan Meadows + + Rhyddian Olds +
Dell Technologies + X + John Roese + X + Sarah Evans +
Ericsson + X + Per Beming + + Georg Kunz +
GitHub + X + Mike Hanley + X + Mike Linksvayer +
Google + X + Eric Brewer + X + Anne Bertucio +
Huawei + + Jingou Cui + + Liang Xu +
IBM Corporation + X + Jamie Thomas + X + Jeff Borek +
Intel + X + Arun Gupta (Chair) + X + Ryan Ware +
JP Morgan Chase + X + Rao Lakkakula + + Benjamin Flatgard +
Microsoft + X + Mark Russinovich + X + Stephen Walli +
Morgan Stanley + X + Declan O’Donovan + + Gaja Anand +
Red Hat + X + Vincent Danen + X + Emily Fox +
Sonatype + X + Brian Fox + + Jeff Wayman +
GitLab (General Mem. Rep) + X + David DeSanto + + +
Kusari (General Mem. Rep) + X + Michael Lieberman + + +
Lockheed Martin(General Mem. Rep) + X + Ian Dunbar-Hall + + +
Rust Foundation (Assoc. Mem. Rep) + X + Rebecca Rumbul + + +
Intel (TAC Representative) + X + CRob Robinson + + Arnaud Le Hors +
SCIR + X + Justin Cappos + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
OpenSSF and Linux Foundation Staff + + +
General Manager, OpenSSF + X + Omkar Arasaratnam +
Chief of Staff, OpenSSF + X + Harry Toor +
Ecosystem Strategist, OpenSSF + X + Bennett Pursell +
Technical Project Manager, OpenSSF + X + Adrianne Marcum +
VP of Open Source Supply Chain Security + X + David A. Wheeler +
Director of Program Management + X + Amanda Martin +
Program Manager + X + Khahil White +
Program Manager + X + Kenny Paul +
Chief Architect + X + Dana Wang +
Community Manager + + Cheuk Ho +
Program Coordinator + X + Reden Martinez +
Sr. Marketing Manager + X + Jennifer Bly +
Inside Sales Representative & Manager + X + Randi Armour +
Executive Director, The Linux Foundation + + Jim Zemlin +
SVP, GM of Projects, The Linux Foundation + + Mike Dolan +
SVP of Program Operations, The Linux Foundation + X + Todd Moore +
+ + +### Introduction + +Omkhar Arasaratnam (OA) called the meeting to order at 11:00 am Eastern Time, Reden Martinez (RM), Dr. Amanda Martin (DM) and Adrianne Marcum (AM) recorded the minutes. A quorum of Governing Board Members was established for the conduct of business, and the meeting, having been duly convened, was ready to proceed with business. + + +### Attendance, Antitrust, Voting + +OA introduced the objectives and agenda for the meeting. There were no additional topics added. + +OA reminded the Governing Board of the Linux Foundation [antitrust policy](http://www.linuxfoundation.org/antitrust-policy) notice to which all meetings must adhere. + + +### Approval of Minutes + + + +* [WE HEREBY APPROVE/]: That the minutes of the December 12th, 2023 meeting of the Board of Directors, in the form attached hereto as Exhibit A, are hereby confirmed, approved and adopted. Minutes attached as Exhibit A. [/RESOLVED] + * Stephen Walli motioned to approve. + * Arun Gupta seconded the motion. + * All in favor; motion carried. + + +### Staffing Update + + + +* OA introduced the new added members of the OpenSSF Staff. + + +### CISA -RFC + +* Brian Fox discussed the US Cybersecurity and Infrastructure Security Agency (CISA) announcement regarding the Request for Comment outlined in this [article](https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for). The request is to include comments on many related topics beyond the written content. Submissions are expected by February 20, 2024 and the response from the OpenSSF requires approval from the Governing board. 
+* [WE HEREBY APPROVE/]: This Temporary CISA RFC Committee has delegated authority to send in the OpenSSF response, as being prepared in [Exhibit B](https://docs.google.com/document/d/1FYY7DyLI7ReltlDN0ncdt1h6NwQK61MHlBKHpJ0l60A/edit#heading=h.m6m38593npz0), when they deem ready by their own consensus vote by the February 20th deadline. [/RESOLVED] + * Jamie Thomas motioned to approve. + * CRob seconded the motion. + * All in favor; motion carried. + +Technical Response Committee + +* Brian Fox presented the links, which include the responses from OpenSSF that require approval of the Governing Board. + + Clarification - This is two separate votes, one being there is a new committee and the second being that we are re-scoping the PPC committee. We are combining these into one vote for simplicity with the AND representing her a clause of “IN ADDITION TO” + +* [WE HEREBY APPROVE/]: That the Technical Response Committee (TRC) as defined in _[Exhibit C OpenSSF Committee Resolutions v2 - Google Docs](https://docs.google.com/document/d/1I8RlqYUBHM_Wo70_b90sHwHyr9tIj5DQ_3daniCCK6Y/edit) should be considered by the OpenSSF Governing Board as a Committee of the Board AND the Public Policy Committee (PPC) Resolutions should be rescoped giving both delegated authority. [/RESOLVED] + * Brian Fox motioned to approve. + * Stephen Walli seconded the motion. + * All in favor; motion carried. + +Committees of the Board + +* Dr. Amanda Martin presented the current committees of the board and those requiring additional seats for a vote: +* The Governance Committee has 4 seats currently open +* The Public Policy Committee has 7 seats currently open +* The Technical Response Committee, currently pending, has 7 seats open for nomination + +Marketing Advisory Board + + + +* Harry Toor discussed the proposal to establish Marketing Advisory Board +* Premier Members exclusively serve on this committee or anyone employed from the member company. 
+* The Marketing Committee received only 2 out of 7 expected nominations and heavily relies on staff support. Its successful Editorial Panel operates independently, while the committee lacks delegated authority. +* Proposal: reimagine marketing committee as a task force to provide advice and take on focused initiatives +* Would like to see a scope - come back to the GC with this scope +* Would like to see regular reporting to the board - such as information +* [WE HEREBY APPROVE/]: The Governing Board establishes a Marketing Advisory Council that allows all OpenSSF members to participate as well as Linux Foundation Members. This Advisory Council reports to the staff. [/RESOLVED] + * CRob motioned to approve. + * John Roese seconded the motion. + * All in favor; motion carried. + +SOSS Task Force + + + +* UPDATE: Adrianne Marcum (AM) provided updates on the SOSS Task Force. They contacted and proposed roadmaps, shared them with other task forces and the TAC. The task forces are setting up work structures, including coordination with existing Working Groups. There's ongoing activity within the OSIS and EDU task forces. AM also highlighted the accomplishments of the Task Force. +* CTA: + * Original DC SOSS Summit participants for OSSIE and TRSI TFs join the discussion + * Folks with experience hiring secure software engineers reach out to EDU-TF to help with Focus Area #2 and #3 +* AM also introduced the proposed roadmap and quarterly focus efforts for the following Task Forces for the remainder of 2024: + * (OSSIE-TF) Open Source Security Integration and Enhancement Task Force + * (TRSI-TF) Trusted Repository Security Initiative + * (OSIS-TF) Open Source Integrity and Standardization Task Force + * (EDU-TF) Open Source Education Task Force +* Eric Brewer suggested that OPENSSF could potentially establish a core class model. This would involve centralized lectures, with individual colleges managing their own TA grading and sessions. 
He pointed out that similar practices are already in place for large classes at Berkeley, demonstrating effective scalability. +* SOSS EU Task Force + * Harry Toor introduced the launch of the EU Task Force for public policy advocacy, under the leadership of Georg from Ericsson. OpenSSF invites members to join this initiative. For involvement, reach out to [operations@openssf.org](mailto:operations@openssf.org). + + +### Training and Certification Plans + + + +* David Wheeler discussed plans for training and certification. +* Feedback on the Secure Software Development Fundamentals Course was analyzed, suggesting the addition of multimedia (videos), labs, and refined questions. Related courses were analyzed, leading to the development of a proposed plan. A cybersecurity education survey will be conducted with LF Research to identify the top advanced areas. +* Main Thrusts: + * Enhance fundamentals course with videos, optional labs, and refinements, remaining free. + * Draft a course for managers overseeing software developers by June 30, 2023, focusing on expectations for secure software development. + * Develop a relatively short advanced software development course ("201") based on identified areas, potentially funded by OpenSSF with fees. + + +### Governance Committee Status Update + + + +* Jeff Borek (JB) provided updates on the GC status, highlighting its ongoing role as a catalyst between the GB, TAC, and LF staff, facilitating timely progress towards organizational and community goals. JB also shared the list of current voting members for 2024. + +TAC Updates + + + +* CRob presented the TAC of 2024 and the TI updates of each working group +* New TAC with expanded diversity and staggered seat terms. +* "Identifying Security Threats WG" renamed to "Metrics & Metadata WG." +* Adoption of DEI WG and protobom by Tooling WG. 
+* Ongoing efforts include conducting a TI documentation audit, clarifying TAC election processes, and enhancing the "Maintainer Experience" within the OpenSSF. + + +### Upcoming Events + + + +* Harry Toor shared the upcoming OpenSSF events for the first half of 2024 + + +### Closing + +OA called for additional topics and called the meeting to a close, and the meeting of the Governing Board adjourned at 12:18 PM Eastern Time. + + +### Decisions + + + + + + + + + + + + + + + +
That the minutes of the December 12st, 2023 meeting of the Board of Directors, in the form attached hereto as Exhibit A, are hereby confirmed, approved and adopted. Minutes attached as Exhibit A. +
This Temporary CISA RFC Committee has delegated authority to send in the OpenSSF response, as being prepared in Exhibit B, when they deem ready by their own consensus vote by the February 20th deadline. +
That the Technical Response Committee (TRC) as defined in Exhibit C OpenSSF Committee Resolutions v2 - Google Docs should be considered by the OpenSSF Governing Board as a Committee of the Board AND the Public Policy Committee (PPC) Resolutions should be rescoped giving both delegated authority. +
The Governing Board establish a Marketing Advisory Council that allows all OpenSSF members to participate as well as Linux Foundation Members. This Advisory Council reports to the staff and shares information with the GB. +
+ + +**Action Items** + + + +* Harry Toor will work with the Governance Committee to help develop a scope for the Marketing Advisory Council +* Amanda Martin to send out the Interest form for TRC \ No newline at end of file
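Review bot: In the first file (Governing Board Public Minutes/2023-12-12.md) the meeting times in the header and the body contradict each other: the header says the meeting "was held on 12 December 2023 at 12:00 am Eastern Time", the Introduction says OA "called the meeting to order at 11:04 am Eastern Time", and the Closing says it "adjourned at 11:57 PM Eastern Time"; pick one consistent set of times (the Introduction's 11:04 am and a same-day adjournment look like the intended values). The same header also contains the stray "via d teleconference". Two names are spelled two ways in the same file: "Omkhar Arasaratnam" in the Introduction versus "Omkar Arasaratnam" in the staff table, and "Brain Fox seconded the motion" versus "Brian Fox" in the attendance table. The date in the minutes approval reads "October 23th, 2023" (should be 23rd). Several resolutions still carry template markup, "[WE HEREBY APPROVE/]: ... [/RESOLVED]", while the first resolution uses the plain "RESOLVED:" form; the published minutes should use one convention. The Elections bullet leaves a placeholder in the text, "TAC Community seats (#??)", which should be filled in or removed before release. In the Decisions list, the sub-items of decision 4 are numbered 6 and 7 instead of restarting at 1, and the sub-item "publish both all P&Ps in a publicly accessible location" repeats the "both all" wording from the resolution above it. Minor grammar worth a pass: "the members that left or downgrade are not active members for a while".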
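Review bot: In the second file (Governing Board Public Minutes/2024-2-15.md) the Decisions table does not match the resolutions as voted: the fourth decision reads "The Governing Board establish a Marketing Advisory Council ... This Advisory Council reports to the staff and shares information with the GB.", whereas the resolution in the body reads "establishes a Marketing Advisory Council ... This Advisory Council reports to the staff." with no mention of sharing information with the GB; the two should be brought into agreement since the Decisions table is the record of what was approved. The first decision gives the date as "December 12st, 2023" (should be 12th). The header and body times again disagree ("12:00 am Eastern Time via d teleconference" versus "called the meeting to order at 11:00 am Eastern Time"), and "Omkhar Arasaratnam" in the Introduction versus "Omkar Arasaratnam" in the staff table repeats the spelling mismatch from the first file. Under Training and Certification Plans, "Draft a course for managers ... by June 30, 2023" is a target date that had already passed at the time of a February 2024 meeting; confirm whether 2024 was meant. The section is titled "Marketing Advisory Board" while the resolution establishes a "Marketing Advisory Council"; use one name. The explanatory line "with the AND representing her a clause of 'IN ADDITION TO'" is garbled. Several section titles ("Technical Response Committee", "Committees of the Board", "Marketing Advisory Board", "SOSS Task Force", "TAC Updates") are plain text while the rest of the file uses "###" headings, and the "[WE HEREBY APPROVE/] ... [/RESOLVED]" template markup remains on every resolution. Both files also end without a trailing newline ("\ No newline at end of file").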