►
From YouTube: Education SIG (July 12, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
C
B
D
I
actually
had
a
really
bad
stomach
infection
that
used
to
get
me
up
at
like
4
a.m.
No
matter
what
for
like
a
couple
of
years
and
then
since
then,
it
just
became
habit
and
now
I
have
to
because,
like
after
this
call,
I
have
like
a
seven
hour.
Trainer
like
I
have
to
train
a
trainer
for
pie
torch.
So
it
allows
me
to
get
some
stuff
done,
because
I
also
have
to
manage
a
group
of
children
all
day.
A
C
True,
well,
I'm
sure
we'll
be
on
topic,
but
I
have
to
tell
this
story.
First,
I
had
an
essay
that
I
worked
with,
who
had
a
toddler
and
he
was
like
walking
around
in
his
house
with
his
computer
in
one
hand
and
his
kid
in
the
other,
and
we
saw
on
the
zoom
call
this
kid
just
like
roundhouse
like
rev
up
and
punch
him
in
the
face,
and
that's
the
last
thing
before
it
just
drops
to
the
ground
and
he
broke
his
work
laptop.
Oh
man,
it's
a
hazard.
B
C
A
F
E
C
B
I
can
add
some
coins
next
to
that
sorry,
I'm,
coming
from
a
bit
all
over
the
place
right
now,
yeah
I've
missed
these
calls
for
the
last
couple
weeks,
just
great
to
hear
an
update
on
what's
going
on
with,
with
all
things
all
things,
leadership
and
funding
approvals-
and
you
know
the
the
good
old,
shocking
cannon
firing
and
us
being
obviously
shock
doing
some
some
work
Beyond.
You
know
the
the
voluntary
scope
that
we've
got
here.
B
E
E
Approval
right
now
is
on
hold
I
shared
it
with
omkar.
It's
been
shared
with
the
governance
committee
and
the
TAC
everything
around
the
mobilization
plan
is
kind
of
in
flux
at
the
moment
as
we
go
through
and
we're
doing
a
foundation-wide
audit
and
we're
working
through
omcar's
prioritization.
His
dream
is
going
to
be
that
the
mobilization
plan
evolves
into
the
five
of
The
Five-Year
Plan,
so
it'll
be
very
aspirational
things
and
we'll
have
things
like
the
security
tool
belt.
E
That
will
be
more
near-term
things
we
are
doing
and
we
will
do
in
the
next
12
24
months,
but
all
this
is
still
kind
of
in
flight
he's
having
a
meeting
with
his
staff
this
week,
I'm
surprised,
Dr,
Wheeler,
isn't
there,
where
they're
going
to
kind
of
walk
through
some
of
these
things
and
some
of
his
priorities,
but
right
now
there
is
no.
No
one
has
jumped
up
to
hand
us
a
pile
of
money.
A
E
D
Actually
have
some
updates
on
the
free
stuff,
yeah
yeah,
so
first
of
all,
I
found
the
course
that
you
were
looking
for
the
Newbie
course
like
intro
to
open
source.
Apparently
we
have
one.
However,
it
is
an
internal
staff
facing
course,
so
I
have
talked
to
Tim
about
getting
you
that
content,
because
he
thought
it
was
a
public-facing
course
and
we
can
switch
that
around.
But
there
needs
to
be
a
Content
audit,
because
a
lot
of
our
staff
facing
courses
could
use.
Let's
say
a
little
bit
of
help.
C
D
So
yeah
so
I'm,
I
I,
let
Clyde
know
and
I
let
Tim
know
and
they
were
gonna
fix
it
or
they
were
gonna
address
it
and
yeah,
but
Tim
like
I
I
need
to
work
with
Flavia
on
that
and
but
yeah
Crow.
That's
headed
your
way
because
we
do
have
like
an
introduction
like
what
like
what
it
is
to
be
a
maintainer,
how
you
could
get
started
like
yeah.
F
F
So
I
sent
in
I,
don't
know
40
pages
of
comments,
I
think
so
it
was
a
ridiculous
number.
Don't
quote
me
on
the
exact
number?
It
was
a
very
large
number
of
comments,
but
they
were
very,
very
specific
change
this
to
that
change.
This
to
that,
so
my
and
and
I'll
be
honest.
I
thought
that
those
were
public
so
I,
my
my
misunderstanding.
F
D
Basically,
some
of
them
are
like
summarizations
of
our
public
courses,
but,
like
I,
think
the
one
we're
talking
about
is
like
LF
I,
don't
know
it's
it's.
It
isn't
internally
facing
I
found
the
link
and
I
sent
it
to
Tim,
and
it
even
says
like
on
the
front
page
like
it's
a
it's
meant
for
LF
staff,
but
it's
pretty
much
exactly
what
we
wanted
in,
like
an
introduction
to
open
source,
so
they're,
okay,
I
did
talk
to
them.
F
D
D
E
So
that's
something
that
is
near
and
dear
to
his
personal
heart
and
I
know
that
the
chair
of
the
governing
board
Jamie
from
IBM
former
educator,
very
strong
supporter
of
education.
So
we
have
a
lot
of
important,
interesting
people
that
support
the
idea
and
I
think
it's
just
a
matter
of
From
amkar's
perspective
trying
to
get
his
sea
legs
underneath
him
as
we
start
this
journey,
and
then
he
can
start
to
see
where
he
would
like
to
Point
some
additional
Focus
to
and
then
ideally
you
know,
we
have
our
plan.
It's
documented.
E
We
can
re-highlight
that
to
him,
but
as
we
have
other
ideas
like
some
of
the
stuff,
I've
talked
with
of
Eddie
or
Max,
who
had
the
potential
to
potentially
you
know,
submit
those
ideas
and
again
the
the
2024
budgeting
is
coming
up
soon.
So,
if
we
had
specific
smaller
things
are
outside
of
the
plan,
we
can
kind
of
have
those
waiting
in
the
wings,
as
things
start
to
firm
up.
F
Soon,
after
not
too
long
after
omkar
came
on
board,
he
and
I
talked,
and
he
expressed
an
interest
in
me
spending
being
spending
more
time
on
education,
because
my
time
is
something
my
time
is
divided
a
thousand
places,
but
I
can
certainly
focus
on
something
in
education.
I
mean
I've
done
that
before
delighted
to
do
it
again
and
just
Chrome
System
since
you're
here,
you
know
back
when
the
open
ssf
was
first
founded.
I
was
trying
to
show
up
at
every
working
group
everything
trying
to.
F
Man
I
still
do
that
and
but
I
I
think
how's.
This
I
want
to
be
at
everything,
but
perhaps
the
time
for
that
to
hey
having
somebody
else
to
try
to
pull
some
things
has
passed.
I
still
want
to
show
up
at
the
best
practices
work
in
group
meetings,
but
yeah
but
yeah,
but
you
know
perhaps
I
need
to
if
I
pull
back
on
some
meetings,
I
would
have
time
to
actually
do
other
things.
E
And
I'll
say:
Sal
I
value,
everybody's
contributions,
I
think
our
work
is
making
a
difference
like
you
know,
David
and
I
talked
about
the
best
practices
stuff
in
Vancouver,
and
we
got
a
lot
of
great
reaction
on
that.
So
the
what
we're
working
on
is
valuable.
We
just
need
to
find
ways
to
get
it
out
to
the
maintainers
to
get
using
it
and
then
to
get
the
the
backing
to.
C
Yeah
I
everybody,
nobody
I,
love
all
the
work.
Everyone
does
here,
it's
why
I'm
here
for
free,
but
it's
the
like.
The
whole
premise,
is
that
I
utilize
the
foundation
to
be
able
to
mobilize
information
right
some
marketing
and
solutions,
and
that
there's
got
to
be
some
way
to
stop
this
Gap
within
those
next
six
months.
Otherwise,
look
that
we're
doing
genuinely
just
won't
have
the
intent
that
it
has
by
working
with
the
Linux
Foundation.
F
Right
I
I
do
want
to
make
it
clear:
I'm
not
pulling
back
I'm
I'm,
just
saying
that
I
think
so
many
working
groups
are
now
active.
They
don't
need
me
specifically,
and
so
I
want
to
spend
more
I'm,
probably
going
to
be
spending
more
time
on
focused
projects
and
letting
the
other
other
folks
pick
up
that
ball,
which
is
great,
that's
not
a
complaint.
That's
that's
a
good
thing,
but
but
yeah
I
I,
we
don't
want
to
have
bureaucracies,
impede
the
work.
E
B
A
Previous
point
before
we
wrap
the
topic
of
the
LF
training,
I
didn't
give
an
update
to
the
whole
group,
so
I'll
start
from
square
one.
On
this,
so
I
run
the
cncf
secure,
Cloud
native
security
slam.
It's
something
that
Sal
helped
start
a
while
back
and
for
this
upcoming
year
we're
increasing
the
scope
of
it
and
the
reason
that
we're
increasing
the
scope
is
because
I
felt
like
it
would
be
a
good
opportunity
to
increase,
like
overlap
with
the
education
goals
here.
A
So
we're
increasing
the
target
goals
for
the
cncf
projects,
of
what
we're
asking
them
to
accomplish,
and
thereby
creating
stretch
goals
for
the
organizing
organizers
to
create
the
associated
educational
content,
to
equip
those
folks
to
do
the
things
they're
asking
them
to
do
in
the
area
of
supply
chain
security.
Provident.
You
know
all
that
and
as
part
of
that,
we
secured
an
agreement
to
create
four
express
learning
courses
they're
due
at
the
end
of
the
month
and
I,
wonder
if
I
can
I'm
just
going
to
Rattle
it
off
to
you.
A
Help
would
be
immensely
valued
right
now.
I
have
I,
guess,
I
could
I'll
drop
in
the
links
to
the
design
docs,
because
the
design
docs
for
all
four
are
getting
turned
in
today
and
I
only
have
one
other
volunteer
that
is
authoring
helping
to
author
a
course
and
the
the
other
three
are
going
to
be
finished
by
myself.
So
I'm
going
to
be
taking
the
outline
and
actually
turning
it
into
three
different
courses
and
then
Colin
Griffin
is
going
to
be
doing
the
rest.
A
C
A
C
F
Eddie,
that's
awesome.
I
have
some
materials
that
you
might
be
able
to
Big
borrow
steal
from
you
know,
for
the
for
the
score
card,
probe
and
I
have
given
a
presentation
and
will
again
the
slide
deck,
but
you
know
that
might
be
helpful
for
you
and,
of
course,
there's
the
course
on
developing
secure
software.
The
fundamentals
course
which
might
have
yeah
I,
don't
know
how
much
of
these
particular
topics
it's
going
to
cover
for
you,
maybe
for
the
security
self-assessments.
F
D
And
on
that
note,
David
I
did
talk
to
Tim
about
making
a
security
score
cards,
Express
learning,
so
we've
we've
thought
about
that
I
think
right
now
he
wanted
to
do
an
Express
learning
on
what
is
open,
ssf
and
I.
Think
that
was
one
of
his
main
focuses
is
just
getting
like
one
Express
learning
done
and
then
gauging
interest
on
that
and
then
going
from
there
on
different
things.
D
B
E
C
Yeah
I
want
to
make
a
note.
So
the
reason
why
we're
really
particular
and
when
I
say
we
I-
guess
not
me,
but
still
security
slab,
we're
particular
about
the
content
that
we
put
in
it,
because
it's
literally
like
we're
going
out
to
the
interventions
and
then
we
find
where
maintainers
have
gaps,
and
we
only
provide
the
information
they
need
right.
C
So
the
s-bombs
we
figured
out
because
no
one
knew
how
to
do
them
and
it
took
us
like
six
different
maintainer
teams
to
figure
it
out
yeah,
but
I
think
what's
going
to
be
really
valuable
about
that
is
coming
out
of
that
slam.
You're
gonna
have
a
good
amount
of
pragmatic
tools-based
documentation
for
maintainers,
so
make
sure
that
there's
an
additional
wrap
blog
for
that
tooling
chain
right,
because
it's
basically
right.
It's
a
practice.
It's
a
pragmatic
approach
to
getting
to
the
limit
of
that
Sterling
stool
chain
tool
chain
as
it
currently
exists.
E
E
E
F
Crow,
this
is
really
I.
Think
for
you,
although
it's
useful
for
an
FYI.
One
of
the
feedbacks
we
got
on
the
fundamentals
course
is
that
they
wanted
to
have
a
little
more
variety
of
you
know.
Okay,
we
understand
why
you
don't
have
videos
all
over
because
they're
hard
to
edit,
but
at
least
you
know,
occasionally
break
it
up
a
little
bit
further,
so
I'm
going
to
slip
in
a
couple
of
video
introductions
and
krobe
you're
on
the
hook
for
for
one
like
60.
F
Right,
it's
basically
a
section
intros,
and
that
way
we
avoid
the
problem
of
well
certain
other
organization.
I'm
gonna
beat
on
here
because
I
don't
think
that's
fair,
but
certain
other
organizations
created
some
awesome,
video
content
and
then
updating
is
is
it
videos
is
expensive,
so
it
didn't
happen
and
very
quickly,
they
all
being
a
very
helpful.
F
C
D
A
D
F
Well,
right
now
my
thinking
isn't
so
much
breaking
up,
as
in
section
intros,
but
I'm
happy
to
chat
about
all
these
things
we
had
earlier
talked
about
in
inserting
various
little
links
so
that
you
know
it
would
be
easier
to
bring
things
in
and
out
and
all
that
sort
of
stuff
and
as
far
as
I
know,
that's
still
in
the
plan.
I
just
haven't
heard
back
from
you
on
exactly
how
you
want
to
do
that.
D
Yeah
we're
moving
towards
a
like
we're
trying
to
figure.
It's
been
a
long
conversation
because
you
know
there's
a
lot
of
politics
in
the
LF
system
that
you
got
to
deal
with,
but
our
current
system
TI
live
severely
limits
us,
which
is
kind
of
what
we've
been
talking
about,
how
we
can
move
around
those
things
and
yeah,
and
also
we
currently
have
like
the
Easy
Button,
which
is
it
could
take
up
to
like
10
minutes,
sometimes
even
20
minutes
to
load
a
lab.
So
we
need
to
overhaul
that
in
LF
in
general,
but
yeah.
E
And
I
guess
you
know
as
we're
moving
forward,
especially
into
like
this
budget
phase.
That's
coming
up
soon.
If
there
are
very
high
value
items
we
can
think
of
like
if
only
we
could
provide
X
or
Y,
and
we
had
some
viable
estimates
on.
You
know
what
it
would
take
for
volunteers
or
contractors
or
third
parties
or
whatever
it
might
take
to
achieve
that
kind
of
keep
that
in
mind.
E
If
we
had
a
really
great,
if
only
we
could
go
to
developer
conferences
and
do
really
involved
application
security
CFT
and
that
and
that
would
solve
thousands
of
cdes,
you
know
and
make
it
come
up
with
a
reasonable
estimate
on
how
we
could
solve
that.
Let's,
let's
not
throw
that
idea
out,
let's
chat
about
it
and
see
if
we
can
massage
it
and
make
it
look.
Nice.
B
B
A
A
A
E
A
E
And
that's
definitely
another
tactic
we
could
do.
We
talked
about
you
know,
conferences
and
boot
camps
and
nonsense,
but
Workshop
is
another
completely
viable
way
and
I
think
being
that
there's,
probably
more
Hands-On
practicum.
Potentially,
that
is
much
more
valuable,
I
think
for
getting
some
of
the
developers
time.
A
Yeah
yeah,
that's
the
kind
of
stuff
that
I
I
have
a
hard
time
with
I,
also
like
I,
mostly
I'm,
mostly
like
trying
to
find
gaps
that
aren't
being
filled
or
theorized
around
so
like
I
wrote
an
entire
novel
that
explores
social
engineering
attacks,
DDOS
dependency
management,
vulnerability
in
AI
systems
and
all
this
kind
of
stuff.
And
it's
like
my
way
of
addressing
knowledge
gaps
but
I,
don't
know
how
any
of
these
ideas
I
have
actually
fit
into
the
education
plan,
so
I
just
I'm
just
doing
them
off
on
the
side.
D
Eddie
I
would
love
to
talk
to
you
about
Jim's
initiative,
because
that
might
be
a
good
platform
for
you,
because
that's
kind
of
why
it
was
built
or
is
being
built
yeah
and
you
already
know
Tim.
So
you
could
talk
to
Tim
about
this
as
well,
because
I'll
be
honest.
This
is
mostly
Tim's
idea
and
Cassidy
and
I
are
like
that
on.
You.
A
D
E
And
I
think
we
we
have
a
lot
of
great
ideas
and
I
feel
we
need
to
invest
some
time
in
thinking
about
how
to
get
the
ideas
and
content
under
the
hands
of
developers.
More
and
I
know
that,
like
travel,
is
very
expensive
I'm
going
through
the
exercise
of
petitioning
to
have
funding
to
go
to
Spain,
but
we
probably
should
maybe
for
2024
plan.
You
know
pick
three
conferences
and
pick
a
couple
pieces
of
content
and
try
it
very
hard
to
get
out
there
to
get
this
out
into
the
hands
of
the
community.
I.
E
A
E
And
things
like
open
ssf
day
itself
is
okay
and
we
don't
get
a
lot
of
external
maintainers,
so
it,
but
it's
very
nice
to
help
connect
our
community
of
people
that
show
up,
but
I
would
like
to
potentially
maybe
be
more
strategic
like
the
next
next
year's
Summits.
How
do
we
get
our
content
out
into
the
cloud
native
security
conference
into
the
Linux
security
conference
and
go
out
there
and
do
presentations
about
all
of
our
different,
exciting
projects
and
artifacts?
Well,.
F
F
D
D
E
E
I
got
no
like
part
of
the
vulnerability
disclosure
working
group.
The
hyper
Ledger
folks
showed
up
and
they
wanted
help
with
their
security
policy.
So
I
sat
down
for
half
hour
and
just
gave
them
feedback
like
you
should
consider
this.
Have
you
thought
about
that?
What
do
you
do
about
this
and
like
the
dude
was
like
responding
at
two
in
the
morning
last
night,.