Re: [open-regulatory-compliance] Vulnerability Handling Task Force Meeti

[Tobie Langel <tobie@xxxxxxxxxxxxxx>]

And of course I forgot to mention the dedicated slack channel for the TF: https://app.slack.com/client/T083EEQCLCC/C0926JH5Y8M

Please remember that Slack isn't archived. If you end-up making substantial progress through Slack discussions, please summarize their outcomes in the mailing list or on GitHub. In general, please prioritize the mailing list or GitHub issues to discuss topics.

Thank you!

--tobie

On Thu, Jun 19, 2025 at 7:06 PM Tobie Langel <tobie@xxxxxxxxxxxxxx> wrote:

Hi all,

Please find the minutes for today's call here: https://github.com/orcwg/orcwg/blob/main/cyber-resilience-sig/minutes/vulnerability-handling-task-force/2025-06-19-mom-vulnerability-handling-tf.md

Please find the agenda for the next meeting (July 3) here: https://github.com/orcwg/orcwg/blob/main/cyber-resilience-sig/minutes/vulnerability-handling-task-force/2025-07-03-mom-vulnerability-handling-tf.md

As agreed during today's call, please use this email thread to discuss topics for potential TF deliverables.

Here are some possible topics that were raised:

• A document describing the role and obligations of stewards
• Best current practise for SBOM in open source projects
• Describing the relation between open source projects and manufacturers in regards to vuln management
  

Additionally, it might be worth getting acquainted with the deliverables plan as it contains a number of deliverables that might be interesting for this TF to get involved with or to drive.

Best,

--tobie

---
Tobie Langel
Tech Lead ORC WG, Eclipse Foundation
Principal, UnlockOpen