►
From YouTube: Education SIG (July 12, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
C
B
Excuse
my
excuse
to
drink
it,
so
you
know
it
makes
greetings
easier.
B
Ouch,
that
is
morning,
it's
2
p.m.
Here
in
London,
so.
B
B
D
I
actually
had
a
really
bad
stomach
infection
that
used
to
get
me
up
at
like
4
a.m.
No
matter
what
for
like
a
couple
of
years
and
then
since
then,
it
just
became
habit
and
now
I
have
to
because,
like
after
this
call,
I
have
like
a
seven
hour.
Trainer
like
I
have
to
train
a
trainer
for
pie
torch.
So
it
allows
me
to
get
some
stuff
done,
because
I
also
have
to
manage
a
group
of
children
all
day.
A
C
Yeah
I
find
that
small
children
are
a
lot
easier
to
deal
with
than
software
Engineers
yep.
B
Yeah
I
deal
with
both
quite
a
lot,
and
the
only
thing
is
that
you
know
you
can
tell
a
software
engineer
to
just
go:
leave
you
alone
for
a
bit
and
they
like
that
children
like
that,
a
lot
less
so
true.
C
True,
well,
I'm
sure
we'll
be
on
topic,
but
I
have
to
tell
this
story.
First,
I
had
an
essay
that
I
worked
with,
who
had
a
toddler
and
he
was
like
walking
around
in
his
house
with
his
computer
in
one
hand
and
his
kid
in
the
other,
and
we
saw
on
the
zoom
call
this
kid
just
like
roundhouse
like
rev
up
and
punch
him
in
the
face,
and
that's
the
last
thing
before
it
just
drops
to
the
ground
and
he
broke
his
work
laptop.
Oh
man,
it's
a
hazard.
B
A
Cell,
you
might
want
to
correct
your
I,
mean
I'm
I'm
down
with
all
the
sonotype
name
dropping,
but
you
might
want
to
adjust
that
for
your
own
sake.
A
The
the
dock
for
this
particular
call.
C
A
B
When
they,
when
the
teacher
comes
into
the
room,
everyone
goes
quiet
right.
F
E
Oh
all
right,
one
second.
E
C
B
I
can
add
some
coins
next
to
that
sorry,
I'm,
coming
from
a
bit
all
over
the
place
right
now,
yeah
I've
missed
these
calls
for
the
last
couple
weeks,
just
great
to
hear
an
update
on
what's
going
on
with,
with
all
things
all
things,
leadership
and
funding
approvals-
and
you
know
the
the
good
old,
shocking
cannon
firing
and
us
being
obviously
shock
doing
some
some
work
Beyond.
You
know
the
the
voluntary
scope
that
we've
got
here.
B
E
B
You
just
killed
the
question:
what's
the
latest
on
on
the
funding
approval
and
the
sign
off
of
the
plan
and
and
all
of
those
good
things.
E
Approval
right
now
is
on
hold
I
shared
it
with
omkar.
It's
been
shared
with
the
governance
committee
and
the
TAC
everything
around
the
mobilization
plan
is
kind
of
in
flux
at
the
moment
as
we
go
through
and
we're
doing
a
foundation-wide
audit
and
we're
working
through
omcar's
prioritization.
His
dream
is
going
to
be
that
the
mobilization
plan
evolves
into
the
five
of
The
Five-Year
Plan,
so
it'll
be
very
aspirational
things
and
we'll
have
things
like
the
security
tool
belt.
E
That
will
be
more
near-term
things
we
are
doing
and
we
will
do
in
the
next
12
24
months,
but
all
this
is
still
kind
of
in
flight
he's
having
a
meeting
with
his
staff
this
week,
I'm
surprised,
Dr,
Wheeler,
isn't
there,
where
they're
going
to
kind
of
walk
through
some
of
these
things
and
some
of
his
priorities,
but
right
now
there
is
no.
No
one
has
jumped
up
to
hand
us
a
pile
of
money.
E
Just
kind
of
on
hold
I
know
talking
with
omkar
he's
going
to
start
putting
his
2024
budget
together
and
in
september-ish
August
September
for
a
presentation
to
the
GB
I
believe
the
member
Summits
in
November.
A
E
That's
probably
our
best
chance
of
success.
If
we
need
some
money,
if
we
want
to
do
some
free
stuff,
we
can
start
right
now
and
again.
I
don't
have
to
be
on
the
call
to
do
the
free
stuff,
I.
D
Actually
have
some
updates
on
the
free
stuff,
yeah
yeah,
so
first
of
all,
I
found
the
course
that
you
were
looking
for
the
Newbie
course
like
intro
to
open
source.
Apparently
we
have
one.
However,
it
is
an
internal
staff
facing
course,
so
I
have
talked
to
Tim
about
getting
you
that
content,
because
he
thought
it
was
a
public-facing
course
and
we
can
switch
that
around.
But
there
needs
to
be
a
Content
audit,
because
a
lot
of
our
staff
facing
courses
could
use.
Let's
say
a
little
bit
of
help.
C
D
So
yeah
so
I'm,
I
I,
let
Clyde
know
and
I
let
Tim
know
and
they
were
gonna
fix
it
or
they
were
gonna
address
it
and
yeah,
but
Tim
like
I
I
need
to
work
with
Flavia
on
that
and
but
yeah
Crow.
That's
headed
your
way
because
we
do
have
like
an
introduction
like
what
like
what
it
is
to
be
a
maintainer,
how
you
could
get
started
like
yeah.
F
But
Randall
I
took
those
courses
about
a
year
and
a
half
two
years
ago.
They
definitely
needed
some
help.
A
lot
of
updates.
D
And
that's
not
that's,
being
very
liberalous
was
needed.
Some
help
by
the
way
yeah.
F
So
I
sent
in
I,
don't
know
40
pages
of
comments,
I
think
so
it
was
a
ridiculous
number.
Don't
quote
me
on
the
exact
number?
It
was
a
very
large
number
of
comments,
but
they
were
very,
very
specific
change
this
to
that
change.
This
to
that,
so
my
and
and
I'll
be
honest.
I
thought
that
those
were
public
so
I,
my
my
misunderstanding.
F
D
Basically,
some
of
them
are
like
summarizations
of
our
public
courses,
but,
like
I,
think
the
one
we're
talking
about
is
like
LF
I,
don't
know
it's
it's.
It
isn't
internally
facing
I
found
the
link
and
I
sent
it
to
Tim,
and
it
even
says
like
on
the
front
page
like
it's
a
it's
meant
for
LF
staff,
but
it's
pretty
much
exactly
what
we
wanted
in,
like
an
introduction
to
open
source,
so
they're,
okay,
I
did
talk
to
them.
F
Okay,
I
would
so
you
you
can't
have
an
ETA
I.
Imagine
but
I
mean
if
we
could,
if,
if
we
could
make
some
updates
and
make
them
public
I
mean
that
sounds
like
a
good
thing.
Yep.
D
Yep
and
then
the
other
update
I
have-
and
this
is
a
very
cool
update-
is
Tim
and
I
are
piloting
a
program
where
projects.
This
is
kind
of
somewhat
an
extension
of
Cassidy's
idea
that
she
brought
to
the
best.
D
Well,
we're
piloting
an
idea
of
a
platform
where
projects
are
cable
to
essentially
author,
their
own
courses
and
have
those
courses
like
pushed
to
a
certain
degree
by
LF
eight.
So
that
should
be
incoming
in
the
next
three
months.
E
Yeah
so
she's
actually
pinging
me
about
the
express
learning
classes,
right,
meow
and
I'm,
ignoring
her
because
I'm
here
with
all
you
and
I,
will
say
back
to
the
funding
idea
and
I
meet
with
omkar
once
a
week
and
in
our
conversations
he
is
a
little
perplexed
about
the
lack
of
drive
around
things
like
incident
response
and
education.
E
So
that's
something
that
is
near
and
dear
to
his
personal
heart
and
I
know
that
the
chair
of
the
governing
board
Jamie
from
IBM
former
educator,
very
strong
supporter
of
education.
So
we
have
a
lot
of
important,
interesting
people
that
support
the
idea
and
I
think
it's
just
a
matter
of
From
amkar's
perspective
trying
to
get
his
sea
legs
underneath
him
as
we
start
this
journey,
and
then
he
can
start
to
see
where
he
would
like
to
Point
some
additional
Focus
to
and
then
ideally
you
know,
we
have
our
plan.
It's
documented.
E
We
can
re-highlight
that
to
him,
but
as
we
have
other
ideas
like
some
of
the
stuff,
I've
talked
with
of
Eddie
or
Max,
who
had
the
potential
to
potentially
you
know,
submit
those
ideas
and
again
the
the
2024
budgeting
is
coming
up
soon.
So,
if
we
had
specific
smaller
things
are
outside
of
the
plan,
we
can
kind
of
have
those
waiting
in
the
wings,
as
things
start
to
firm
up.
F
Soon,
after
not
too
long
after
omkar
came
on
board,
he
and
I
talked,
and
he
expressed
an
interest
in
me
spending
being
spending
more
time
on
education,
because
my
time
is
something
my
time
is
divided
a
thousand
places,
but
I
can
certainly
focus
on
something
in
education.
I
mean
I've
done
that
before
delighted
to
do
it
again
and
just
Chrome
System
since
you're
here,
you
know
back
when
the
open
ssf
was
first
founded.
I
was
trying
to
show
up
at
every
working
group
everything
trying
to.
F
Man
I
still
do
that
and
but
I
I
think
how's.
This
I
want
to
be
at
everything,
but
perhaps
the
time
for
that
to
hey
having
somebody
else
to
try
to
pull
some
things
has
passed.
I
still
want
to
show
up
at
the
best
practices
work
in
group
meetings,
but
yeah
but
yeah,
but
you
know
perhaps
I
need
to
if
I
pull
back
on
some
meetings,
I
would
have
time
to
actually
do
other
things.
E
I
too,
will
be
reducing
scope
very
soon.
Trimming
out.
A
I
was
just
like
literally
just
complaining
about
this
to
somebody,
but
inside
of
finnos
the
project
that
I'm
a
maintainer
of
got
really
slogged
by
like
bureaucracy
and
trying
to
just
move
obstacles
to
work
to
the
point
where
we
went
from
having
20
person
calls
of
people
joining
and
saying
what
can
I
do
this
week
to
three
people
active
still
trying
to
clear
obstacles
two
years
later
right
and
that
kind
of
seems
like
the
trajectory
that
that
you
guys
are
discussing
right
now.
E
And
I'll
say:
Sal
I
value,
everybody's
contributions,
I
think
our
work
is
making
a
difference
like
you
know,
David
and
I
talked
about
the
best
practices
stuff
in
Vancouver,
and
we
got
a
lot
of
great
reaction
on
that.
So
the
what
we're
working
on
is
valuable.
We
just
need
to
find
ways
to
get
it
out
to
the
maintainers
to
get
using
it
and
then
to
get
the
the
backing
to.
C
Yeah
I
everybody,
nobody
I,
love
all
the
work.
Everyone
does
here,
it's
why
I'm
here
for
free,
but
it's
the
like.
The
whole
premise,
is
that
I
utilize
the
foundation
to
be
able
to
mobilize
information
right
some
marketing
and
solutions,
and
that
there's
got
to
be
some
way
to
stop
this
Gap
within
those
next
six
months.
Otherwise,
look
that
we're
doing
genuinely
just
won't
have
the
intent
that
it
has
by
working
with
the
Linux
Foundation.
F
Right
I
I
do
want
to
make
it
clear:
I'm
not
pulling
back
I'm
I'm,
just
saying
that
I
think
so
many
working
groups
are
now
active.
They
don't
need
me
specifically,
and
so
I
want
to
spend
more
I'm,
probably
going
to
be
spending
more
time
on
focused
projects
and
letting
the
other
other
folks
pick
up
that
ball,
which
is
great,
that's
not
a
complaint.
That's
that's
a
good
thing,
but
but
yeah
I
I,
we
don't
want
to
have
bureaucracies,
impede
the
work.
E
A
Okay,
okay,
so.
B
A
Previous
point
before
we
wrap
the
topic
of
the
LF
training,
I
didn't
give
an
update
to
the
whole
group,
so
I'll
start
from
square
one.
On
this,
so
I
run
the
cncf
secure,
Cloud
native
security
slam.
It's
something
that
Sal
helped
start
a
while
back
and
for
this
upcoming
year
we're
increasing
the
scope
of
it
and
the
reason
that
we're
increasing
the
scope
is
because
I
felt
like
it
would
be
a
good
opportunity
to
increase,
like
overlap
with
the
education
goals
here.
A
So
we're
increasing
the
target
goals
for
the
cncf
projects,
of
what
we're
asking
them
to
accomplish,
and
thereby
creating
stretch
goals
for
the
organizing
organizers
to
create
the
associated
educational
content,
to
equip
those
folks
to
do
the
things
they're
asking
them
to
do
in
the
area
of
supply
chain
security.
Provident.
You
know
all
that
and
as
part
of
that,
we
secured
an
agreement
to
create
four
express
learning
courses
they're
due
at
the
end
of
the
month
and
I,
wonder
if
I
can
I'm
just
going
to
Rattle
it
off
to
you.
A
The
four
courses
are
going
to
be
s-bombs
in
provenance,
automation,
so
kind
of
salsa,
related
stuff,
open,
SS,
open,
ssf
scorecard
just
outright,
and
then
security,
self-assessments
and
documentation
of
supply
chain
security
that
one's
a
little
bit
vague
for
me
to
explain
right
off
the
bat
right
here,
but
that's
the
fourth
one,
and
so
all
four
of
those
we're
going
to
be
creating
by
the
end
of
July,
and
they
are
intended
to
accomplish
education
goals,
while
also
a
complicate
accomplishing
the
other
stuff
that
I
mentioned
for
the
cncf.
A
Help
would
be
immensely
valued
right
now.
I
have
I,
guess,
I
could
I'll
drop
in
the
links
to
the
design
docs,
because
the
design
docs
for
all
four
are
getting
turned
in
today
and
I
only
have
one
other
volunteer
that
is
authoring
helping
to
author
a
course
and
the
the
other
three
are
going
to
be
finished
by
myself.
So
I'm
going
to
be
taking
the
outline
and
actually
turning
it
into
three
different
courses
and
then
Colin
Griffin
is
going
to
be
doing
the
rest.
A
If
anybody
wants,
if
anybody
sees
something
on
here
and
says
like
hey,
I
would
like
to
do
that.
Then
today
is
the
day
to
volunteer
because
I'm
turning
in
the
course
design
documents
and
those
need
to
have
the
author
attribution.
C
I
volunteer
as
tribute
on
the
documentation.
I
really
really
want
to
touch.
I
want
to
got
some
stuff
to
cover
there.
Okay,.
A
Yeah
that
one,
so
we
need
to
have
a
conversation
about
that
one,
because
that
one's
a
weird.
So
so,
yes,
absolutely.
C
F
Eddie,
that's
awesome.
I
have
some
materials
that
you
might
be
able
to
Big
borrow
steal
from
you
know,
for
the
for
the
score
card,
probe
and
I
have
given
a
presentation
and
will
again
the
slide
deck,
but
you
know
that
might
be
helpful
for
you
and,
of
course,
there's
the
course
on
developing
secure
software.
The
fundamentals
course
which
might
have
yeah
I,
don't
know
how
much
of
these
particular
topics
it's
going
to
cover
for
you,
maybe
for
the
security
self-assessments.
F
D
And
on
that
note,
David
I
did
talk
to
Tim
about
making
a
security
score
cards,
Express
learning,
so
we've
we've
thought
about
that
I
think
right
now
he
wanted
to
do
an
Express
learning
on
what
is
open,
ssf
and
I.
Think
that
was
one
of
his
main
focuses
is
just
getting
like
one
Express
learning
done
and
then
gauging
interest
on
that
and
then
going
from
there
on
different
things.
D
But
I
will
also
have
this
update.
That
Spyros
has
been
writing
an
Express
learning
about
opencre,
which
is
technically
an
open
ssf
project.
B
E
C
Yeah
I
want
to
make
a
note.
So
the
reason
why
we're
really
particular
and
when
I
say
we
I-
guess
not
me,
but
still
security
slab,
we're
particular
about
the
content
that
we
put
in
it,
because
it's
literally
like
we're
going
out
to
the
interventions
and
then
we
find
where
maintainers
have
gaps,
and
we
only
provide
the
information
they
need
right.
C
So
the
s-bombs
we
figured
out
because
no
one
knew
how
to
do
them
and
it
took
us
like
six
different
maintainer
teams
to
figure
it
out
yeah,
but
I
think
what's
going
to
be
really
valuable
about
that
is
coming
out
of
that
slam.
You're
gonna
have
a
good
amount
of
pragmatic
tools-based
documentation
for
maintainers,
so
make
sure
that
there's
an
additional
wrap
blog
for
that
tooling
chain
right,
because
it's
basically
right.
It's
a
practice.
It's
a
pragmatic
approach
to
getting
to
the
limit
of
that
Sterling
stool
chain
tool
chain
as
it
currently
exists.
E
I
will
I
got
an
update
from
our
intellers.
The
management
training
is
still
moving
forward.
We're
going
through
have
been
going
through
some
austerity
measures
based
off
the
global
economy,
and
that
has
reduced
some
head
count
internally,
which
has
impacted
people's
work.
E
So
when
they
gave
me
original
optimistic
estimates
now,
because
people
are
doing
additional
work,
they
have
less
time
to
devote
to
it,
but
it
is
still
moving
forward
and
there
is
a
back
catalog
of
other
items
that
I'll
be
donating,
so
it
some
point
in
the
near
future:
we'll
have
a
whole
new
instructor-led
class
to
look
at
and
start
to
shape
and
adjust
and
like
this
maintainer
class
from
the
LF
I
would
love
to
get
Christine
and
Jay's
Deni
group
taking
a
look
at
it
with
the
lens
of
trying
to
cultivate
new
contributors.
E
So
if
there's
additional
things,
we
need
to
add,
for
you
know,
technology,
newbies
or
career
Changers.
I
would
like
to
maybe
look
at
it
with
that
lens
as
well.
E
F
Crow,
this
is
really
I.
Think
for
you,
although
it's
useful
for
an
FYI.
One
of
the
feedbacks
we
got
on
the
fundamentals
course
is
that
they
wanted
to
have
a
little
more
variety
of
you
know.
Okay,
we
understand
why
you
don't
have
videos
all
over
because
they're
hard
to
edit,
but
at
least
you
know,
occasionally
break
it
up
a
little
bit
further,
so
I'm
going
to
slip
in
a
couple
of
video
introductions
and
krobe
you're
on
the
hook
for
for
one
like
60.
F
Right,
it's
basically
a
section
intros,
and
that
way
we
avoid
the
problem
of
well
certain
other
organization.
I'm
gonna
beat
on
here
because
I
don't
think
that's
fair,
but
certain
other
organizations
created
some
awesome,
video
content
and
then
updating
is
is
it
videos
is
expensive,
so
it
didn't
happen
and
very
quickly,
they
all
being
a
very
helpful.
F
F
I
I
I've
made
videos
for
for
my
own,
but
it
takes
time
is
the
problem.
It's
that
time.
C
But
yeah
I
think
composability
right.
It's
something
that
Randall's
been
thinking
a
lot
about
the
way
that
at
least
they're
building
their
content
and
I
do
appreciate
it.
D
We're
actually
overhauling
a
lot
of
things.
I
can't
talk
too
much
about
it,
but
all
all
contact
David,
because.
A
D
F
Well,
right
now
my
thinking
isn't
so
much
breaking
up,
as
in
section
intros,
but
I'm
happy
to
chat
about
all
these
things
we
had
earlier
talked
about
in
inserting
various
little
links
so
that
you
know
it
would
be
easier
to
bring
things
in
and
out
and
all
that
sort
of
stuff
and
as
far
as
I
know,
that's
still
in
the
plan.
I
just
haven't
heard
back
from
you
on
exactly
how
you
want
to
do
that.
D
Yeah
we're
moving
towards
a
like
we're
trying
to
figure.
It's
been
a
long
conversation
because
you
know
there's
a
lot
of
politics
in
the
LF
system
that
you
got
to
deal
with,
but
our
current
system
TI
live
severely
limits
us,
which
is
kind
of
what
we've
been
talking
about,
how
we
can
move
around
those
things
and
yeah,
and
also
we
currently
have
like
the
Easy
Button,
which
is
it
could
take
up
to
like
10
minutes,
sometimes
even
20
minutes
to
load
a
lab.
So
we
need
to
overhaul
that
in
LF
in
general,
but
yeah.
F
Wow
I
was
just
gonna,
go
downstairs
and
have
the
the
the
goose
puppet
in
the
background,
so
I.
E
And
I
guess
you
know
as
we're
moving
forward,
especially
into
like
this
budget
phase.
That's
coming
up
soon.
If
there
are
very
high
value
items
we
can
think
of
like
if
only
we
could
provide
X
or
Y,
and
we
had
some
viable
estimates
on.
You
know
what
it
would
take
for
volunteers
or
contractors
or
third
parties
or
whatever
it
might
take
to
achieve
that
kind
of
keep
that
in
mind.
E
Nothing's
off
the
table,
but
just
remember
in
this
strange
economic
environment
we're
in
there
isn't
going
to
be
a
lot
of
additional
money,
because,
right
now
our
budget
is
zero
dollars
and
David
Wheeler's
time,
probably
the
most
expensive
cost
foreign.
E
If
we
had
a
really
great,
if
only
we
could
go
to
developer
conferences
and
do
really
involved
application
security
CFT
and
that
and
that
would
solve
thousands
of
cdes,
you
know
and
make
it
come
up
with
a
reasonable
estimate
on
how
we
could
solve
that.
Let's,
let's
not
throw
that
idea
out,
let's
chat
about
it
and
see
if
we
can
massage
it
and
make
it
look.
Nice.
B
B
A
A
I
sonotype
we
created
a
workshop,
I
mean
it's.
We
created
the
outline
for
it.
We
ran
it
in
kcbc.
It
was
hard
to
stretch
out
to
four
hours
because
that's
how
long
the
kcdc
workshops
are.
A
But
we
ran
this
workshop
and
it's
it's
basically
like.
We
call
it
the
code
to
Cloud
security
Workshop.
So
it's
looking
at
software
security,
dependency
management
threat,
triaging,
secure,
CI,
you.
E
A
E
And
that's
definitely
another
tactic
we
could
do.
We
talked
about
you
know,
conferences
and
boot
camps
and
nonsense,
but
Workshop
is
another
completely
viable
way
and
I
think
being
that
there's,
probably
more
Hands-On
practicum.
Potentially,
that
is
much
more
valuable,
I
think
for
getting
some
of
the
developers
time.
A
Yeah
yeah,
that's
the
kind
of
stuff
that
I
I
have
a
hard
time
with
I,
also
like
I,
mostly
I'm,
mostly
like
trying
to
find
gaps
that
aren't
being
filled
or
theorized
around
so
like
I
wrote
an
entire
novel
that
explores
social
engineering
attacks,
DDOS
dependency
management,
vulnerability
in
AI
systems
and
all
this
kind
of
stuff.
And
it's
like
my
way
of
addressing
knowledge
gaps
but
I,
don't
know
how
any
of
these
ideas
I
have
actually
fit
into
the
education
plan,
so
I
just
I'm
just
doing
them
off
on
the
side.
D
Eddie
I
would
love
to
talk
to
you
about
Jim's
initiative,
because
that
might
be
a
good
platform
for
you,
because
that's
kind
of
why
it
was
built
or
is
being
built
yeah
and
you
already
know
Tim.
So
you
could
talk
to
Tim
about
this
as
well,
because
I'll
be
honest.
This
is
mostly
Tim's
idea
and
Cassidy
and
I
are
like
that
on.
You.
A
D
E
And
I
think
we
we
have
a
lot
of
great
ideas
and
I
feel
we
need
to
invest
some
time
in
thinking
about
how
to
get
the
ideas
and
content
under
the
hands
of
developers.
More
and
I
know
that,
like
travel,
is
very
expensive
I'm
going
through
the
exercise
of
petitioning
to
have
funding
to
go
to
Spain,
but
we
probably
should
maybe
for
2024
plan.
You
know
pick
three
conferences
and
pick
a
couple
pieces
of
content
and
try
it
very
hard
to
get
out
there
to
get
this
out
into
the
hands
of
the
community.
I.
E
I'm
going
to
Bilbao
no
matter
what
I
I'm
going
on
vacation
the
week
after
so
I
have
just
bought
my
hotel
for
the
conference
this
week
and
I
have
the
whole
next
week.
Plan
now
I
just
need
to
get
there.
That's.
A
E
And
things
like
open
ssf
day
itself
is
okay
and
we
don't
get
a
lot
of
external
maintainers,
so
it,
but
it's
very
nice
to
help
connect
our
community
of
people
that
show
up,
but
I
would
like
to
potentially
maybe
be
more
strategic
like
the
next
next
year's
Summits.
How
do
we
get
our
content
out
into
the
cloud
native
security
conference
into
the
Linux
security
conference
and
go
out
there
and
do
presentations
about
all
of
our
different,
exciting
projects
and
artifacts?
Well,.
F
F
D
D
E
E
I
got
no
like
part
of
the
vulnerability
disclosure
working
group.
The
hyper
Ledger
folks
showed
up
and
they
wanted
help
with
their
security
policy.
So
I
sat
down
for
half
hour
and
just
gave
them
feedback
like
you
should
consider
this.
Have
you
thought
about
that?
What
do
you
do
about
this
and
like
the
dude
was
like
responding
at
two
in
the
morning
last
night,.