Contributors play an important role in the OpenSSF and the Linux Foundation, so we want to give you a chance to meet some of the amazing individuals in the open source software (OSS) security community. Over the next few weeks we’ll be featuring maintainers and contributors and hearing how they came to the community, what their experiences have been like, and what advice they have for others.
Meet Christopher “CRob” Robinson, Director of Security Communications, Intel Corporation
Christopher ‘CRob’ Robinson is Director of Security Communications, Product Assurance & Security at Intel Corporation. CRob is a 41st level Dungeon Master and a 24th level Securityologist. He enjoys hats, herding cats, and moonlit walks on the beach.
How are you involved in the OpenSSF?
Working Group (WG) & Special Interest Group (SIG) facilitator- Technical Advisory Council (TAC) member,
- Committee member (Governance, Public Policy)
- Project(s) individual contributor,
- Goose-hat wearer
I’m very fortunate to have found communities of like-minded people that align with my background and personal interests within the OpenSSF. In each group I get to contribute to and work alongside this amazing collection of other passionate people all focused on similar goals. Each of these groups plays into skills I’ve been able to cultivate over the years: application security, security architecture, vulnerability management and coordination, supporting customers and end-users, education, leadership, mentoring. I really feel like I have a home here and that my contributions have a meaningful impact to the community.
We get to work on complex, real-world problems in each group I participate in, which is great! The BEST Practices Working Group and the Education SIG are trying to address the secure open source developer and cybersecurity skills shortage that is so pervasive in the industry today. In the Vulnerability Disclosures Working Group and OSS-SIRT SIG it is a different set of issues. There we’re trying to find ways to help maintainers, researchers, and consumers all have less frictionless paths to the finding, sharing, and fixing of security vulnerabilities in open source software. Then you think about the new End Users Working Group; this team is laser-focused on trying to empower consumers of open source. These folks are really trying to make open source “user friendly” and decipher some of what goes on upstream in simpler terms for downstream. Who doesn’t want that? I also get to stretch my artist side with the crew from the Diagrammers Society. We’re trying to simply articulate what the Foundation is about, what we are all working on, and how all of that connects. If we’re successful there, hopefully that leads to an easier path to onboard new members and contributors if we can convey that vision and strategy. That work plays into my collaboration on the Technical Advisory Council (TAC). That group helps steer the technical vision of the foundation. We’re a liaison between the Governing Board that sets that vision and the Working Groups where the technical work gets done. One of the other areas I am involved in is in the Public Policy Committee. I’ve been involved with the legal and regulatory space for a very long time. I get to help share my experiences and look at developing laws, regulation, and security frameworks from around the globe. We seek to understand what they might mean to the open source ecosystem and if the foundation or our members need to react or get involved in them.
Each of these problems is HUGE and requires a diverse pool of smart people to pitch in and share their ideas to help solve for the ecosystem. I truly think the OpenSSF has *something* going on for people of almost every interest in the OSS universe.
Why did you choose to become involved?
I worked with one of the founding companies for the OpenSSF and volunteered in two areas I was really excited about. That obviously snowballed into much, much more. It’s been a great ride!
Tell us about your experience being a contributor.
Collaborating in the assorted groups in the OpenSSF has been an amazing experience. I’ve gotten to meet people from around the world, from companies large and small, and we’ve worked together to solve really big problems. I’ve met some of my bestest open source friends through contributing and working alongside these amazing people.
Why is being a contributor important?
The impact of our work in the foundation doesn’t just make things better for me, or my company; the work we do makes things better for the whole open source ecosystem from maintainers to consumers, making the world a safer place.
How has your educational and/or professional career led you here?
I’ve been a decade’s long user/consumer of open source, first through Linux, and then into other areas. It was a life-changing opportunity when I was able to work for a company that contributed and maintained many of those programs, libraries, and projects I used to use everyday. Then I was able to take my training and experiences securing large enterprises and offer that expertise to the global open source community. My specialization in security and risk management helps me provide useful and vital feedback as we’re collaborating to solve these huge problems – supply chain security, developer education, coordinating vulnerabilities, protecting developers and their code.
What makes being a contributor rewarding for you?
That my efforts have a global impact far beyond the reaches of one normal individual.
What advice do you have for others?
Find something you’re passionate about or interested in and get involved. Not everyone in open source needs to sling code to have that amplified impact. We need people contributing ideas, helping document or explain things, testing, and security. Every skill has some utility to help the ecosystem better. Find something that appeals to you and show up. Listen and learn. Share your opinions.
Tell us something interesting about yourself. The sky is the limit.
The sky is literally NOT the limit. Open source has an interstellar impact. I once was helping save the Mars Rover program through our work.
To meet other individuals featured in this series, check out our Meet a Maintainer and Contributor Q&A feed as we continue to shine the spotlight on our awesome maintainers and contributors.