From 1021bc4a6782980eda09117ed6840df68ad165b0 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Tue, 3 Feb 2026 09:33:01 -0600 Subject: [PATCH 1/4] Added ORBIT incubating stage docs Signed-off-by: Eddie Knight --- .../ORBIT_WG_incubating_stage.md | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md diff --git a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md new file mode 100644 index 00000000..d699bca8 --- /dev/null +++ b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md 
@@ -0,0 +1,77 @@ +## Working Group incubation application + +### List WG Chair(s) and or Vice Chair +The WG must have a minimum of 1 Chair + * "name, affiliation, GitHub ID" + +#### Co-Chairs +1. [Eddie Knight](https://github.com/eddie-knight) (Sonatype) +1. [Jenn Power](https://github.com/funnelfiasco) (Kusari) +1. [Ben Cotton](https://github.com/jpower432) (Red Hat) +1. [Travis Truman](https://github.com/trumant) (CVS Health) +1. [John Kjell](https://github.com/jkjell) (ControlPlane) + +### Working Group (WG) has met all Sandbox requirement + * "link to sandbox PR if exists" + * https://github.com/ossf/tac/pull/469 + +#### Mission of the Working Group +The WG must be aligned with the OpenSSF mission and address an unfulfilled need. It is preferred that topics falling with the scope of existing OpenSSF WGs are addressed within the existing wG rather than seek a new WG. + * "description of the WG mission" + * https://github.com/ossf/wg-orbit/blob/main/CHARTER.md#1-mission-and-scope + +#### IP policy and licensing due diligence +When contributing to OpenSSF any existing material for the new WG to work on, the contribution must undergo license and IP due diligence by the Linux Foundation (LF). + * "yes / no / not applicable. If yes, provide a link to the corresponding GitHub issue." + * Not applicable. + +#### TAC Sponsor +TAC sponsor agrees to attend WG meetings regularly, although they are not required to have a formal role in WG. + * "name of TAC sponsor" + * [Michael Lieberman](https://github.com/mlieberman85) (Kusari) + +### List of regular contributors +The WG must have a minimum of 5 contributors from at least 3 different organizations attending regularly. 
+ * "name, affiliation, GitHub ID" + +- CRob, OpenSSF-LF, [SecurityCRob](https://github.com/SecurityCRob) +- Eddie Knight, Sonatype [eddie-knight](https://github.com/eddie-knight) +- John Kjell, ControlPlane, [jkjell](https://github.com/jkjell) +- Sarah Evans, Dell, [sevansdell](https://github.com/sevansdell) +- Jason Meridth, GitHub, [jmeridth](https://github.com/jmeridth) +- Adolfo García Veytia, Carabiner Systems, [puerco](https://github.com/puerco) +- Ben Cotton, Kusari, [funnelfiasco](https://github.com/funnelfiasco) +- Justin Cappos, NYU, [JustinCappos](https://github.com/JustinCappos) +- Jenn Power, Red Hat, [jpower432](https://github.com/jpower432) +- Evan Anderson, Custcodian, [evankanderson](https://github.com/evankanderson) +- Travis Truman, CVS Health, [trumant](https://github.com/trumant) +- and more... + +### Mission of the Working Group +The WG must have a charter or mission statement for review by TAC + * Link to the WG charter or mission statement defining its goals. + * https://github.com/ossf/wg-orbit/blob/main/CHARTER.md + +### Governance +WG must have documented, initial group governance. 
+ * Link to initial group governance doc + * https://github.com/ossf/wg-orbit/blob/main/CHARTER.md + +WG must have met publicly at least 5 times in the last quarter since becoming Sandbox + * Link to public meeting notes (or ideally recordings) + * https://docs.google.com/document/d/1Hf-SsjYaAvY2Nk_jJ2-aHMqgBi1qg7oIj3PJWsCEe0U/edit?tab=t.0#heading=h.omyjy2x7t74i + +WG must have defined Contributor Guide + * "link to contributor guide" + * https://github.com/ossf/wg-orbit/blob/main/CONTRIBUTING.md + + Reference | URL | +|-----------------------|-----| +| Repo | https://github.com/ossf/wg-orbit | +| Meeting Agenda | https://docs.google.com/document/d/1Hf-SsjYaAvY2Nk_jJ2-aHMqgBi1qg7oIj3PJWsCEe0U/edit?tab=t.0#heading=h.omyjy2x7t74i | +| OSSF Calendar Entry | https://zoom-lfx.platform.linuxfoundation.org/meeting/93627442621?password=73db7cce-059e-420b-ab29-eabdcbcedf8b | +| Website | https://openssf.org/groups/orbit/ | +| Contributing guide | https://github.com/ossf/wg-orbit/blob/main/CONTRIBUTING.md | +| Security.md | https://github.com/ossf/wg-orbit/blob/main/SECURITY.md | +| code-of-conduct.md | https://openssf.org/community/code-of-conduct/ | +| Other | | From b08a197df2dbc0c143615f70f3ee34eb6aa0b874 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Thu, 5 Feb 2026 16:59:33 -0600 Subject: [PATCH 2/4] Apply suggestion from @eddie-knight Signed-off-by: Eddie Knight --- process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md index d699bca8..ea019932 100644 --- a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md +++ b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md 
@@ -6,8 +6,8 @@ The WG must have a minimum of 1 Chair #### Co-Chairs 1. [Eddie Knight](https://github.com/eddie-knight) (Sonatype) -1. [Jenn Power](https://github.com/funnelfiasco) (Kusari) -1. [Ben Cotton](https://github.com/jpower432) (Red Hat) +1. [Ben Cotton](https://github.com/funnelfiasco) (Kusari) +1. [Jenn Power](https://github.com/jpower432) (Red Hat) 1. [Travis Truman](https://github.com/trumant) (CVS Health) 1. [John Kjell](https://github.com/jkjell) (ControlPlane) From e7acb6395ad0762f6adcb9a1d4fd9ffab58975bd Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Tue, 17 Feb 2026 08:31:20 -0600 Subject: [PATCH 3/4] Update process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md Signed-off-by: Eddie Knight --- process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md | 1 - 1 file changed, 1 deletion(-) diff --git a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md index ea019932..6d5bd4cd 100644 --- a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md +++ b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md @@ -72,6 +72,5 @@ WG must have defined Contributor Guide | OSSF Calendar Entry | https://zoom-lfx.platform.linuxfoundation.org/meeting/93627442621?password=73db7cce-059e-420b-ab29-eabdcbcedf8b | | Website | https://openssf.org/groups/orbit/ | | Contributing guide | https://github.com/ossf/wg-orbit/blob/main/CONTRIBUTING.md | -| Security.md | https://github.com/ossf/wg-orbit/blob/main/SECURITY.md | | code-of-conduct.md | https://openssf.org/community/code-of-conduct/ | | Other | | From b88edf2cbb975daacb6237b05c2f25a8d4f90411 Mon Sep 17 00:00:00 2001 From: Eddie Knight Date: Wed, 15 Apr 2026 00:07:25 -0500 Subject: [PATCH 4/4] Added MVSSR section Signed-off-by: Eddie Knight --- .../ORBIT_WG_incubating_stage.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) 
diff --git a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md index 6d5bd4cd..9ad65f03 100644 --- a/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md +++ b/process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md @@ -1,15 +1,12 @@ ## Working Group incubation application ### List WG Chair(s) and or Vice Chair -The WG must have a minimum of 1 Chair - * "name, affiliation, GitHub ID" #### Co-Chairs 1. [Eddie Knight](https://github.com/eddie-knight) (Sonatype) 1. [Ben Cotton](https://github.com/funnelfiasco) (Kusari) 1. [Jenn Power](https://github.com/jpower432) (Red Hat) -1. [Travis Truman](https://github.com/trumant) (CVS Health) -1. [John Kjell](https://github.com/jkjell) (ControlPlane) +1. [Nicole Bates](https://github.com/nikbat) (Microsoft) ### Working Group (WG) has met all Sandbox requirement * "link to sandbox PR if exists" 
@@ -52,6 +49,18 @@ The WG must have a charter or mission statement for review by TAC * Link to the WG charter or mission statement defining its goals. * https://github.com/ossf/wg-orbit/blob/main/CHARTER.md +### Alignment with the OpenSSF MVSSR +The mission of the WG must be aligned with the [Mission, Vision, Values, Strategy, and Roadmap (MVVSR)](https://openssf.org/about/) of the OpenSSF. Please indicate to which of the three strategies and four pillars of the OpenSSF the WG is contributing to. + +Strategies: *i) Catalyst for Change*, *ii) Educate and Empower the Modern Developer*, *iii) Ecosystem Leader* + * **Catalyst for Change**: ORBIT develops interoperable baselines and specifications (e.g., the Open Source Project Security Baseline and the Security Insights Specification) that drive adoption of "secure by design/default" practices by defining clear, actionable security standards for open source projects. + * **Educate and Empower the Modern Developer**: Through initiatives like ORBIT Launchpad, the WG provides resources and guidance that help developers and maintainers understand and implement security baselines in their projects. + * **Ecosystem Leader**: ORBIT focuses on interoperability—standardizing how security-relevant data is identified, formatted, and shared across tools and ecosystems—positions the OpenSSF as a leader in cross-ecosystem security collaboration. + +Pillars: *i) Programs & Projects, ii) Education, iii) Public Policy, iv) Community & Events* + * **Programs & Projects**: ORBIT maintains several active technical initiatives including the Open Source Project Security Baseline, Security Insights Specification, Gemara, and ORBIT Launchpad, all focused on producing practical, reusable security artifacts. + * **Education**: The WG contributes educational resources through its specifications and Launchpad materials to help projects and end users alike. + ### Governance WG must have documented, initial group governance. 
* Link to initial group governance doc
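Review bot: In PATCH 1/4, the "OSSF Calendar Entry" row of the reference table commits a meeting URL that carries a `?password=` query parameter, so the join credential ends up in the public repository and its history. Link the calendar entry or the meeting URL without that parameter. In the same hunk, the Co-Chairs list pairs Jenn Power with the `funnelfiasco` link and Ben Cotton with `jpower432`, the reverse of the regular contributors list further down. "Custcodian" in the contributors list looks like a typo, and "Mission of the Working Group" appears twice, once as `####` and once as `###`.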
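Review bot: In PATCH 2/4, the subject "Apply suggestion from @eddie-knight" does not say what was corrected. The hunk swaps the names on the `funnelfiasco` and `jpower432` links in the Co-Chairs list, so a subject along the lines of "Fix co-chair name/handle pairing" would make the history searchable. Consider squashing it into 1/4 so that no commit in the series carries the wrong attribution.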
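Review bot: In PATCH 3/4, the `Security.md` row is dropped from the reference table with no reason given in the commit message, which only repeats the file path. State whether the linked SECURITY.md is missing, moved, or covered elsewhere. If the repository has no security policy yet, keep the row and mark it as pending, so the application shows the gap instead of hiding it.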
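Review bot: In the first hunk of PATCH 4/4, the Co-Chairs list changes (Travis Truman and John Kjell removed, Nicole Bates added) and the "The WG must have a minimum of 1 Chair" requirement text is deleted, but the subject is only "Added MVSSR section". Move the leadership change into its own commit or name it in the message, so that reviewers approving the MVSSR text also knowingly approve the chair roster. Keep the requirement line so that the form still states what is being attested.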
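Review bot: In the second hunk of PATCH 4/4, the new heading says "MVSSR" while the body expands the acronym as "(MVVSR)"; pick one spelling and use it in the commit subject as well. The prompt asks which of the four pillars the WG contributes to, but only "Programs & Projects" and "Education" are answered; add "Public Policy" and "Community & Events", or state that they do not apply. The "Ecosystem Leader" bullet has two main verbs ("ORBIT focuses on interoperability ... positions the OpenSSF"); "ORBIT's focus on interoperability ... positions the OpenSSF" would read correctly.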