Why Am I Running for OpenSSF TAC?

I’m running for OpenSSF TAC, as an independent, in an election that any OpenSSF participants are eligible to vote in. If you’ve been active in OpenSSF, I’d appreciate your vote. The election is open until 30 December. If you’d like to know more background, read on.

In Summer 2022, I joined Snyk and became involved with the Open Source Security Foundation – the OpenSSF. The OpenSSF is a Linux Foundation off-shoot which focuses on … well … Open Source Security – and specifically on “software supply chain” security. My philosophy when it comes to open source foundations and governance bodies like this is that if you want to be involved then it’s best to do so proactively – to jump in with both feet. That is one reason why, in late 2022, I put myself forward as a candidate for OpenSSF’s Technical Advisory Council. 

Given that I was affected by a recent round of lay-offs at Snyk, you might wonder why I am still involved in this organization and why I have once again put myself forward for the OpenSSF TAC election this year.

Since becoming involved with this community, with this part of the open source ecosystem, I’ve become convinced of the importance of this way of thinking about open source software. I still believe what I wrote in 2022: “This web of software that we all rely on so much is under constant attack.” The more developers are empowered and supported to mitigate software security issues during the development process, the stronger the defence against this attack will be, and the better off actual end users will be. And “end users” does not just mean the most wealthy or privileged doing wealthy, privileged activities. We are talking about people across the socio-economic spectrum who need to use these systems in order to conduct their everyday lives. That’s a pretty broad attack surface! I’m convinced that software security has a role to play in ensuring that the web, and the other software that billions use every day, remains trustworthy.

The types of tooling that OpenSSF provides, such as Scorecard, and the best practices that it produces, such as the source code management configuration guide that I helped work on, play an important role in empowering developers to produce more secure software. We need more of this, and we need more developer awareness of the open source tool chain that’s available to them. That’s why I poured some of my energy into putting together the Secure the Web Forward virtual workshop earlier this year. And that’s why I’m running for OpenSSF TAC again, this time as an independent, to help the organization further its mission of securing the “public good” that is open source software.
