Re: [ospo.zone] Ospo OnRamp: see you tomorrow

Hi Michael, all,

It was a *very* good meeting, thanks for organizing it! 
The presentation by Hendrik was highly interesting (thanks Hendrik!), and the free speech part under the Chatham House Rule worked remarkably well.

I wanted to share a couple of notes jotted during the call, if anybody is interested.

## Agenda

   * Review OnRamp
   * Log4Shell
   * Free discussion under the Chatham House Rule.

## Content

Log4Shell

* Strong interest in common, shared resources about security to strengthen the open-source community. The knowledge base from the presentation (using Steady) is an example of that; the discussion held about how to fix the various security consequences around Log4Shell is another great example. **OSPOs can (and should) play a role in this community building.**
* The search string used to look up specific libraries/classes:
[https://search.maven.org/search?q=fc:org.apache.logging.log4j.core.lookup.JndiLookup](https://search.maven.org/search?q=fc:org.apache.logging.log4j.core.lookup.JndiLookup)

Interesting links shared in the chat:

* https://www.openchainproject.org/security-guide
* https://github.com/ossf/wg-securing-critical-projects
* https://deps.dev/
* https://github.com/ossf/scorecard
* https://openinfralabs.org/operate-first-manifesto/
* https://www.sigstore.dev/

Cheers!


--
boris
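
The class lookup from the notes above, applied to local archives instead of Maven Central, as an added example that is not part of the original message or of Eclipse Steady. The function names, the suffix list and the in-memory sample archives are assumptions constructed for illustration; only the class name comes from the search string in the notes.

```python
import io
import zipfile
from pathlib import Path

# Class named in the search string above, as an entry path inside a JAR.
TARGET = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_class(data, label, target=TARGET, depth=0, max_depth=5):
    """Return 'outer!/inner' paths of every (nested) archive holding target."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, or corrupt: nothing to report
    with archive:
        names = archive.namelist()
        # Also match relocated copies such as WEB-INF/classes/org/apache/...
        if any(n == target or n.endswith("/" + target) for n in names):
            hits.append(label)
        for n in names:
            # Fat JARs and WARs bundle libraries as archives inside archives.
            if n.lower().endswith(ARCHIVE_SUFFIXES) and depth < max_depth:
                hits += find_class(archive.read(n), f"{label}!/{n}",
                                   target, depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Run find_class over every archive file below a directory."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            hits += find_class(path.read_bytes(), str(path))
    return hits


def _make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries.items():
            z.writestr(name, content)
    return buf.getvalue()


def demo():
    # Constructed sample: an application JAR bundling a library JAR with the class.
    inner = _make_zip({TARGET: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
    fat = _make_zip({"BOOT-INF/lib/log4j-core.jar": inner, "app/Main.class": b""})
    clean = _make_zip({"app/Main.class": b""})
    return find_class(fat, "app.jar"), find_class(clean, "clean.jar")
```

A hit only shows that the class is present in the archive; whether that artifact is an affected version still has to be checked against the advisory.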


On Thu, Jan 13, 2022 at 2:03 PM Michael Plagge <michael.plagge@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Dear all,

just in case you just returned from Christmas vacation and missed the first reminder last week for our next meeting

Please join us tomorrow 

January 14th at 10:30-12:00 CET


and don't miss interesting insights by Hendrik Plate from SAP about

“Manage Log4Shell and other open-source vulnerabilities with Eclipse Steady”



So we have the chance to learn about an up-to-date topic, which generated and still generates a high awareness not only in the community but also in the general public.

And we can leverage this for our discussion in the 2nd part of the meeting, to discuss how an OSPO could prepare an organization to mitigate such challenges.


As usual, please spread the word and share the info via your social media channels by e.g. sharing our post

https://www.linkedin.com/posts/eclipse-foundation_opensource-ospos-ospo-activity-6887001724607856640-QWWU 


Looking forward to welcoming you in our meeting tomorrow

--Michael


P.S: Meeting link and meeting details as usual at the OSPO OnRamp website at https://ospo.zone/onramp/ 


P.P.S You can find an ICS calendar file with all upcoming meeting dates and more details about the meeting here: https://ospo.zone/onramp/OSPO-OnRamp.ics





Michael Plagge

Director Ecosystem Development | Eclipse Foundation Europe GmbH

M: +49 (0) 172 8688 326 | LinkedIn

Register for our virtual event: EclipseCon 2021 - October 25-28, 2021


Berliner Allee 47, 64295 Darmstadt - Germany

Handelsregister: Darmstadt HRB 92821

Managing Directors: Gaël Blondelle, Mike Milinkovich

_______________________________________________
ospo.zone mailing list
ospo.zone@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org
