new candidates
hythloda authored Dec 15, 2023
1 parent 9307f2e commit 1efca60
Showing 3 changed files with 167 additions and 1 deletion.
36 changes: 35 additions & 1 deletion elections/OpenSSF-SCIR-Nomiations-2024.md
@@ -57,5 +57,39 @@ Company: Dell Technologies
<td>As the OpenSSF SCIR I will bring to the board a strong technical security community perspective. My 15+ year security career has been primarily developer- and community-focused. I will channel this energy and focus on developing the security capabilities of the OpenSSF and the broader open-source community. I am a product security engineer, architect, and leader with experience in all phases of the development process “from concept to end of life”, with an emphasis on security by design of software, hardware, and organizational systems. I co-authored “Threat Modeling: A Practical Guide for Development Teams”, co-creator of the Threat Modeling Manifesto, and a founding member and maintainer of the pytm project (an OWASP Incubator project for "threat modeling as code"). I have been actively involved in open community initiatives with participation in the Hardware CWE and CWE/CAPEC User Experience working groups (led by MITRE), OWASP, and the OpenSSF End User WG and Security Toolbelt SIG. I am also involved in efforts at SAFECode and FIRST. I work at Dell Technologies in the Product and Application Security team helping Dell product teams design and implement secure systems with responsible consumption and use of open-source components. I believe my experience lends itself well to the SCIR role of the OpenSSF GB, where I will utilize my experiences in developer focused security to ensure strategic efforts are consumable and actionable for the developer community at large.
</td>
</tr>

<tr>
<td>Michael Lieberman
</td>
<td>Pronouns: He/Him
<p>
<br>
Company: Kusari
<p>
<p>
<a href="https://github.com/mlieberman85">GitHub</a> <p>
<p>
<a href="https://www.linkedin.com/in/michael-lieberman-65786ba/">LinkedIn</a>
</td>
<td>I have been heavily involved in OpenSSF for the past few years. I started off contributing on behalf of an end user and now have co-founded a startup that is also heavily involved in the OpenSSF. I am a SLSA steering committee member and maintainer. I am co-creator and maintainer of GUAC, an incubating project. I am currently a TAC member and sponsor of GitTUF and SBOMit. I am heavily involved in the Security Toolbelt initiative. I am a regular attendee of multiple other working groups. I have also done a lot of work to push OpenSSF supply chain security initiatives through the work of the Supply Chain Integrity Working Group and regularly speaking at conferences like Open Source Summit, Kubecon, and OpenSSF day. I am also a CNCF TAG Security lead and help out with collaborative efforts between CNCF and OpenSSF.
<p>
I believe my broad understanding of OpenSSF TIs, and their goals along with the perspective I have as a hands on keyboard engineer I think make me a good fit as the SCIR.
</td>
</tr>
<tr>
<td>Justin Cappos
</td>
<td>Pronouns: He/Him
<p>
<br>
Company: New York University
<p>
<p>
<a href="https://github.com/JustinCappos">GitHub</a> <p>

</td>
<td>I'm an active participant in the LF and in software supply chain security. I am a creator of the CNCF graduated project TUF and the incubating project in-toto. I am also a creator of the JDF and IEEE/ISTO standardized project Uptane, which deals with securing updates for automobiles. I am a creator of two OpenSSF sandbox projects, gittuf and SBOMit as well. My dissertation work was in designing the first package manager for the cloud and led to improvements in YaST, YUM, Apt, and PACMAN. I am also a Tech Lead in CNCF's TAG Security, where I facilitate security assessments for CNCF projects.
<p>
Right now, all but 2 board members are from industry (and one is the SCIR seat which I am applying for). I am motivated to be a vendor neutral voice and to also try to increase academic ties with the OpenSSF. I feel like this will add an more diverse perspectives and increase impact.
</td>
</tr>
</table>
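Review bot: the Socials column in this hunk mixes bare `<p>` and `<br>` tags as spacers (for example the two consecutive `<p>` lines after `Company: Kusari`), and the Justin Cappos cell ends with a stray `<p>` followed by a blank line before `</td>` where the other rows carry a LinkedIn link; one consistent layout across rows, such as `<p>Company: …</p>` and `<p><a href="…">GitHub</a></p>`, would render cleanly in both GitHub's markdown view and any site that consumes these tables. Separately, the phrase "this will add an more diverse perspectives" in the Justin Cappos statement looks like an editing leftover ("add more diverse perspectives"); since these are the candidate's own words, confirm the wording with him rather than editing it silently.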
93 changes: 93 additions & 0 deletions elections/OpenSSF-TAC-GB-Nomiations-2024.md
@@ -0,0 +1,93 @@
<table>
<tr>
<td>Full Name
</td>
<td>Socials/Company
</td>
<td>Why do you want to serve on the OpenSSF TAC?
</td>
</tr>
<tr>
<td>Christopher "CRob" Robinson
</td>
<td>Pronouns: He/Him
<p>
<br>
Company: Intel
<p>
<p>
<a href="https://github.com/SecurityCRob">GitHub</a> <p>
<p>
<a href="https://www.linkedin.com/in/darthcrob/">LinkedIn</a>
</td>
<td>Intel nominates Christopher "CRob" Robinson as a GB-appointed TAC member. CRob has been involved with the foundation since just after its inception and has been a strong community member and participant ever since. CRob leads multiple Technical Initiatives (BEST WG, Vuln Disclosure WG, Security Toolbelt, EDU.SIG) and participates in the End User WG, Governance Committee, DevRel Committee, and Public Policy Committee. For the last two years CRob has served on the TAC, and in 2023 voted by his peers to serve as the TAC's Chairperson and liaison with the Governing Board. We feel CRob sets an excellent role-model for community engagement and participation that we would like to see continued in 2024 and beyond.
</td>
</tr>
<tr>
<td>Sarah Evans
</td>
<td>Pronouns: She/Her
<p>
<p>
Company: Dell
<p>
<p>
<a href="https://github.com/sevansdell">GitHub</a> <p>
<p>
<a href="www.linkedin.com/in/sarah-evans-9456173">LinkedIn</a>
</td>
<td>I would like to serve as the GB appointed TAC member to contribute technical leadership to OSS security objectives. My current engagement with OpenSSF has primarily leveraged my business experience. I have participated as a Governing Board observer seeking to accelerate Technical Initiatives through strategic governance and operations. Accomplishing this goal required partnership with the TAC and gave me a deep appreciation for the technical leadership they provide. Appointing me to a TAC leadership role more specifically allows the OpenSSF to leverage my technical expertise.
<p>
I bring diverse technical and security experience to the TAC. In my current role at Dell, I perform cybersecurity innovation research for the global CTO R&D organization. I have also been an enterprise security architect for Dell’s internal security team and have held roles in Identity and Access Management and IT at Wells Fargo and the US Air Force. Balancing these experiences in large enterprises, I have also worked in regional companies with small IT teams to create security partnerships with individual software developers.
<p>
As a GB appointed TAC member, I will collaboratively apply both my technical security and business strategy leadership with other TAC members to accelerate technical OSS security outcomes.
</td>
</tr>
<tr>
<td>Zach Steindler
</td>
<td>Pronouns: He/Him
<p>
<p>
Company: GitHub
<p>
<p>
<a href="https://github.com/steiza">GitHub</a> <p>
<p>
<a href="https://www.linkedin.com/in/steiza/">LinkedIn</a>
</td>
<td>Zach has been an extremely engaged member of the TAC since being nominated to serve there several months ago. He's deeply committed to this problem space and wants to continue to serve. He's also demonstrated a broad ability to interact with peers across the ecosystem to drive change in a way that brings others along. I've included his statement from his application to be on the ballot for another term on the TAC.

"The OpenSSF continues to drive forward the security of the open source ecosystem, but there’s plenty of work left to do. The TAC needs to continue to make the Technical Initiative (TI) process more clear and straightforward, something I experienced first-hand in helping the AI/ML Working Group (WG) get accepted at the Sandbox stage. Over the past months, I revised the Special Interest Group lifecycle process to make it more clear and straightforward, as well participated in the Operating Model Committee to standardize the lifecycle process across all TIs. In terms of concrete security capabilities, as a co-chair of the Securing Software Repositories WG I authored “Build Provenance for All Package Registries” describing how we integrated build provenance with npm and how other registries could do the same. Soon after, the WG published a proposal “Build Provenance and Code-signing for Homebrew”, which was subsequently funded by Alpha Omega and is in the process of being implemented. The WG also adopted the Repository Service for TUF project which is helping RubyGems protect its package index from malicious tampering. I’m also an active contributor to the Sigstore project.
In short, I want to serve another term on the OpenSSF TAC to continue making our organization easier to understand and work with, to ensure our proposed security capabilities are easy to use with minimal burden on maintainers and consumers, and to ensure these capabilities deliver meaningful security impact in the next year."
</td>
</tr>
<tr>
<td>Bob Callaway
</td>
<td>Pronouns: He/Him
<p>
<p>
Company: Google
<p>
<p>
<a href="https://github.com/bobcallaway">GitHub</a> <p>
<p>
<a href="https://www.linkedin.com/in/bobcallaway/">LinkedIn</a>
</td>
<td>I have served on the OpenSSF TAC for the past two years (one as chair) and have worked with my colleagues on the TAC & governing board to adopt a project governance process and refined the technical vision of the foundation. We have made significant progress in 2022-2023 in evolving the identity of the OpenSSF and helped to guide the community to address the wide landscape of problems present in this space. I am nominating myself in this election as I hope to continue to support the critical work of the OpenSSF in addressing current and future threats to the broader OSS ecosystem.
<p>
For over a decade, I have been involved in various open source communities in professional
<p>
roles focused on upstream development, partner strategy and ecosystem engagement. I
<p>
currently lead part of Google’s Open Source Security Team, where we directly contribute to
<p>
critical projects and drive communication & adoption of secure software supply chain best
<p>
practices. I also am a founding member of the Sigstore TSC where we have built an exploding community of vendors, individuals and users focused on improving transparency of the supply chain and dramatically improving the UX for consumers and producers of OSS software.
<p>
As part of the OpenSSF TAC, I would continue to bring a breadth of experience and industry & academic connections to bear to help accelerate the impact of the various working groups. I am eager to support the OpenSSF's continued growth as both a forum for evangelizing best practices and as an sponsoring organization for projects that are laser-focused on helping OSS communities and users improve their security posture.
</td>
</tr>
</table>
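Review bot: the LinkedIn href in the Sarah Evans row, `www.linkedin.com/in/sarah-evans-9456173`, has no scheme, so it renders as a relative link under the repository path instead of pointing to LinkedIn; prefix it with `https://` like the other rows. The Bob Callaway statement also has `<p>` tags inserted mid-sentence ("in professional <p> roles focused on upstream development, partner strategy and ecosystem engagement. I <p> currently lead part of Google's…"), apparently pasted line wraps, which will render as a run of broken one-line paragraphs; joining those lines into a single paragraph fixes it. Finally, since this file is created in this commit, its name `OpenSSF-TAC-GB-Nomiations-2024.md` carries the same "Nomiations" misspelling as the two existing files, and now is the cheapest moment to name it "Nominations" before anything links to it.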
39 changes: 39 additions & 0 deletions elections/OpenSSF-TAC-Nomiations-2024.md
@@ -249,4 +249,43 @@ Company: solo.io
With extensive experience in open-source software development and management, particularly in containers, service mesh, security and distributed systems, Lin is enthusiastic about facilitating collaboration between OpenSSF and CNCF projects. She aims to promote the adoption of best open-source security practices within some of the leading CNCF projects. Lin's background as an Istio maintainer and leader, CNCF ambassador, and TAG co-chair uniquely positions her to bring valuable insights from CNCF to OpenSSF. She is a member of the GUAC community and has already started to contribute to it from the lens of an Istio maintainer.
</td>
</tr>
<tr>
<td>Justin Cappos
</td>
<td>Pronouns: He/Him
<p>
<br>
Company: New York University
<p>
<p>
<a href="https://github.com/JustinCappos">GitHub</a> <p>
<p>
</td>
<td>I'm an active participant in the LF and in software supply chain security. I am a creator of the CNCF graduated project TUF and the incubating project in-toto. I am also a creator of the JDF and IEEE/ISTO standardized project Uptane, which deals with securing updates for automobiles. I am a creator of two OpenSSF sandbox projects, gittuf and SBOMit as well. My dissertation work was in designing the first package manager for the cloud and led to improvements in YaST, YUM, Apt, and PACMAN. I am also a Tech Lead in CNCF's TAG Security, where I facilitate security assessments for CNCF projects.
<p>
I'm a big believer in open source and in the free exchange of ideas. I don't think any organization or group has a monopoly on good ideas and I think that all should be treated fairly and equally. I believe that a greater representation for vendor-neutral, security-focused voices in the OpenSSF will strengthen the TAC and the OpenSSF overall.
</td>
</tr>
<tr>
<td>John Kjell
</td>
<td>Pronouns: He/Him
<p>
<br>
Company: TestifySec
<p>
<p>
<a href="https://github.com/jkjell">GitHub</a> <p>
<p>
<a href="https://www.linkedin.com/in/john-kjell/">LinkedIn</a>
</td>
<td>"John's candidacy for the Technical Advisory Council (TAC) at OpenSSF is driven by two core objectives: firstly, to contribute to the education of the community on security best practices, maximizing current technological capabilities, and secondly, to facilitate and contribute to the development of innovative solutions for emerging security challenges.
<p>
John's engagement with OpenSSF began with his contributions to Project Sigstore. He has since actively contributed to the SBOMit project, Supply Chain Integrity (SCI) Working Group, SCI Positioning SIG, the SLSA Specification, and the Security Toolbelt. Beyond OpenSSF, he maintains Witness and Archivista, sub-projects of in-toto, under the CNCF. His role in the CNCF TAG Security Supply Chain Security Working Group further showcases his commitment to this domain.
<p>
With extensive experience in software engineering and management, John has built open-source and commercial products from scratch. This experience equips him with vital skills for the TAC role, including community building, mentorship, feedback integration, problem analysis, and effective communication with stakeholders. John led the initial development of supply chain security features for VMware's Tanzu Application Platform and currently serves as the Director of Open Source at TestifySec, focusing on enabling supply chain security for all.
<p>
John’s blend of practical experience, active contributions to projects, and experience in supply chain security make him an ideal candidate for the TAC, ready to contribute to OpenSSF’s mission."
</td>
</tr>
</table>
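Review bot: the John Kjell statement is wrapped in straight double quotes (opening before "John's candidacy" and closing after "OpenSSF's mission.") while no other row's statement is, so it reads as a pasted nomination rather than the table's own voice; either drop the quotes or add a one-line attribution before them, as the Zach Steindler entry in the GB-appointed file does ("I've included his statement from his application…"). The Justin Cappos Socials cell in this hunk also ends with an empty `<p>` directly before `</td>`, which renders as a blank paragraph; remove it or fill it with the LinkedIn link the neighbouring rows carry.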
