2022: January/February Update
Published on February 25, 2022 by Duane O'Brien
Our progress was slow through the holidays, but we did make some. As we've come into 2022, there has been some behind-the-scenes activity that I'd like to capture here as part of our progress update.
We created a public repository to contain project artifacts, including a more thorough description of the project for public consumption. Our intent is to produce the OSPO Classification methodology here as well.
We've also had some internal discussion on the project team to clarify roles and responsibilities, which has highlighted the need to engage external project management support to help us produce and deliver artifacts.
There have been a couple of changes in the broader ecosystem that should be taken into consideration as they relate to FOCUSED. Specifically worth noting are:
- The Executive Order on Improving the Nation’s Cybersecurity and the reference to Software Bill Of Materials, which has energized discussion in this space;
- The Open Source Security Foundation's Alpha and Omega project, which is also focused on dependency analysis in ways that might inform our work;
- Deps.cloud is in maintenance mode, at least at the time of this writing. We need to engage with the project maintainer to discuss;
- The release of this report by the Linux Foundation, which discusses an Open Source Program Office Maturity Model.
We want to recast some of our work against this new information so that we can better inform the work yet to be done for FOCUSED. At this time, we don't think any of this information replaces any of our planned work, but there do appear to be opportunities to incorporate new research as we move forward.
-Duane