Skip to main content

Week at a Glance – Mar 4

By March 4, 2024Newsletter

Community Updates

Metrics & Metadata WG

The Working Group “Metrics & Metadata” (formerly “Identifying Security Threats”) started three years ago by releasing the first version of the paper “Threats, Risks, and Mitigations in the Open Source Ecosystem” to help open source maintainers and contributors identify threats in the development cycles of a project and evaluate risks in the open source ecosystem. 

Keeping in mind this purpose, the Working Group has continued to work on projects that could help open source consumers to better evaluate the health of open source projects. 

We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part. 

Working Group Calendar: Metrics & Metadata WG meeting on Tuesday @ 6 PM (UTC) every 2 weeks.

Slack Channel: #wg_metrics_and_metadata

GitHub Repositories:


  • SECURITY INSIGHTS Specification
  • Risk Assessment Dashboard SIG

Luigi Gubello (Co-Lead of Metrics & Metadata Working Group)

Micheal Scovetta (Co-Lead of Metrics & Metadata Working Group)

Last Updates:

  • We have improved the Docker container to run the SECURITY INSIGHTS Validator (ossf/si-tooling) by making it easier to use.
  • We have published a GitHub Action (luigigubello/security-insights-validator-ga) to run the SECURITY INSIGHTS Validator directly in the GitHub Workflows.
  • We are actively working on the release v1.1 of the SECURITY INSIGHTS specification.

Everyone is welcome, and we appreciate contributions, questions, feedback, and help because they assist us in improving our work. 🌸 Don’t be afraid if you don’t work in the info security field; we genuinely value contributions from individuals with diverse backgrounds 🦄.

OpenSSF Supports White House’s Efforts to Build More Secure and Measurable Software

Efforts to Build More Secure and Measurable SoftwareThe US Office of the National Cyber Director (ONCD) report Back to the Building Blocks: A Path Toward Secure and Measurable Software, was released today. The report provides valuable insights into strategies to improve software security. This paper emphasizes the importance of proactive measures in mitigating vulnerabilities by examining pivotal principles such as memory safety, measurements, and metrics to help enhance software security. The OpenSSF supports efforts like this from the public sector, which improve the security of open source software.  Read more.

SOSS Community Day North America (NA) Agenda Live

SOSS Community Day register now

We’re excited to announce that the agenda for Secure Open Source Software (SOSS) Community Day NA on April 15, 2024 is now available! Join us for a day of technical talks, panels, and a Table Top Exercise (TTX). SOSS Community Day is co-located with Open Source Summit North America in Seattle, WA.  Read more.

Golden Egg Award: Celebrating Exceptional Contributions in the OpenSSF Community

Golden Egg AwardIn Open Source Security Foundation (OpenSSF), we shine a light on those who go above and beyond in enriching our community. The Golden Egg Awards recognize individuals as the driving force behind innovation. Read more.

In the Headlines

Don’t Forget…




This post represents the views of the authors & does not necessarily reflect those of all OpenSSF members.