From YouTube: Education SIG (June 28, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
A
All right, if anyone has any additional items they'd like to talk about, please add that to the open section of the agenda. I see that our friend Randall has arrived from sunny California. Randall, put an item in the best practices working group. We had a young lady from LF education, Cassidy, she's an instructional designer, she came and talked to us about an effort she's going through about making accelerated classes, and she's going to be making classes focused around the OpenSSF and some of the working groups, and Randall has some things.
D
And I also have something else as well. I, I added the stuff for the best practices and best practices when I was, what I was gonna say about best practices.
D
That we're currently looking for an OpenSSF Express Learning course and also an Alpha-Omega expert, not learning course, Express Learning. Sorry, I just literally like rolled out of bed, so.
D
So Express Learning: OpenSSF and Alpha-Omega. They're also looking for a Sigstore one, I think. As far as that, that's as far as we want to go right now and see how that goes and go from there.
A
And you're looking for like an intro to the best practices working group.
D
Intro to OpenSSF in general, it would be more of a generalized thing. I know that we talked about potentially having one for each working group. Tim's not crazy about that idea, because he thinks that it'll be too difficult to maintain, and he was the one that told me he would prefer to keep it to, like, right now, an Express Learning, which is supposed to be like a 90-minute course, tops, like something you could do in like lunchtime and give you kind of like what you need to know.
D
I, I just had that update. I don't, I mean, I think that we should probably talk with the best practices working group about that. I do have something else that was discussed yesterday, which is the LF is going to be starting a new effort into working with, like, DEF CON and Black Hat and people like that, in the terms of offering kind of different content than what we have right now on our blog, because what we have right now on our blog is very corporate and pretty much all of our outreach efforts are very corporate based.
D
So a few things have happened where now we can explore a different avenue of cyber security, which is kind of more the bug bounty hunter, researcher aspect, and what we're planning to do, how we're planning to engage this, is kind of create a separate blog that'll still be under LF.
D
So I also wanted to talk about that because I don't know if that's the interest of this group, but if it is, we were looking for people that would like to contribute content and things of that nature.
D
Basically, right now we're just looking to, like, base, get a foothold in that space. A lot of people in that space are not exactly clear on what the LF is or does, or even what OpenSSF does and how it all affects cyber security. So that's one of the main reasons that we're doing it, is to kind of be able to engage with that party of people.
D
That group of folks. I know that we've had Max in the past from a Major League Hacking. I thought he might be somebody we could talk to. I think they also were talking to somebody else, but yeah. But, as I said, the whole ideology is that, trying to get more of a foot space in, well, there. We call it the other side of cyber security, and in the meeting we just felt that currently the branding and the outreach that we have is just not really oriented towards those group of people.
E
Yeah, no, I think that's a good point. So I want to clear, I hear two kind of clear personas and what you're stating. So the one, like, that other group of people, that's infosec, right? And I do think that we should have more of an engagement around those resources in that education and let corporate developers understand infosec is on their computer, or they're already facing it if they don't realize it, right.
E
Second, I have been having conversations that I think are going to continue that align really well around, like, Major League Hacking and, to some degree, like OpenUK, all these other non-LF groups in open source that might be able to contribute to a sort of like shared project, like CHAOSS project as well.
E
All of these good, good groups coordinating around what it looks like, have the student profile or the entering profile of, like, how do you engage on your open source projects and where is there a maintainer pathway that we can statistically see, so that we can take those lessons and bring them back specifically to OSSF. My argument being there that we don't want to be doing any extra work and collecting extra data if someone already has, like, made a wheel, right? Just put them together and make a bike.
E
So in this case we might get the data, and if we do, I think what that allows us to do is really, really target that student profile, really, really able to show, and I'm getting a little off here, but I want to be able to show not just, like, here's the SIGs, but, like, here's the SIGs and the style of open source project that you engage with in order to have a maintainer career, so that we can have them.
E
We want to, I guess my final point, and I will stop taking up the time, my final point here is, what I was trying to say, my LF is getting on board, is that as we do the cyber security immobilization, we should be seeing an infuse of hireable developers and cyber security, unlike what we've seen ever before in cyber security. It should inherently be more diverse than anything else we've ever seen in cyber security, and I'm excited for those stats. That's why I'll stop.
A
Speaking so, what I heard, Sal, is three personas that might benefit from this additional LF attention: so classic infosec, your student and your new developer persona, and then the original persona that I think Randall was originally targeting, like bug hunter, security researcher.
D
Let me also point this out, Pro, that this is also important. So the LF has been doing a little bit of research on our outreach and our blogs and how effective they are, and there's a common point about how the information that we put out is very informative, but we're never hands-on. So that's also one of the things that this blog tries, is going to try to handle, and try to be a little bit more community focused, is we're going to actually try to be hands-on.
D
A lot of content is going to come from that, so that people can see that we are actually hands-on, that we just don't speak, and a lot of people also think that we're a huge bureaucracy, and that's also another thing that we're trying to address here, because, you know, the infosec community has a lot of opinions about LF, so yeah.
D
So yeah, but, but yeah, so I just wanted to say that, because that, that's another thing that we're going to be starting up, taking ideas as far as how we can do this, what content would be useful, and yeah, I'm currently working with Mary and Scott over at LF Outreach, which is, I guess, our, the main outreach group, but yeah, and yeah.
A
To open source. So two things: first off, I would ask the group, you know, do, are you personally, or are you aware of people within your organizations, that might be interested in contributing some of these more detailed, focused, targeted blogs to help Randall with his effort? If so, reach out to Randall in.
A
Emails and whatnot, and then secondarily, Randall, I know all the people that run another industry group called the Bug Bounty Community of Interest, so all of the vendor bug bounty programs. So if you're interested to hear how commercial vendors work with and approach security researchers, I'd be glad to make a connection. And then secondarily to that part, the, the woman that runs that community of interest also runs our Intel bug bounty program, and she has done, they've done a significant amount of work courting and engaging with security researchers in our silicon space.
A
So if you are looking for ways to specifically engage security researchers, I could arrange a call with her if you wanted to just kind of talk about tips and tricks and kind of what they've learned and kind of engaging with the assorted researchers in our space, and I'll give you a link. They have a new piece of nonsense, a Project Circuit Breaker, which has gotten a lot of accolades from the research community.
D
Absolutely. I mean, right now I'll say that our main focus is outreach, just because we're trying to maximize what we sources we currently have in play at LF. Obviously, the economy has affected everyone, so it's affected us as well. So that's why, like, right now we're really looking at, like, what is effective, what isn't, and the reality is, is that our outreach efforts are great at a corporate level, not so great at a community level or, like, hacker hands-on level. So yeah, but yeah, absolutely, Pro, any, any help, yeah, much appreciated.
A
I mean, I'm glad to broker an introduction, not about setting up a bug bounty but, like, specifically engaging with security researchers. They have a very unique perspective and there's some lessons learned, I think, that can be shared, yeah.
G
Yeah, so I actually got a lead a little while back, the mediac miter, where my understanding is that the US government has some of these courses like this that they might actually be willing to share as well. So don't, don't count all those chickens before they hatch, but I am at least trying to see what I can shake out from some of these things.
G
So anyway, so keep going, going. Don't assume if anything will happen there, but I am trying to shake some trees when I find out there's a tree.
E
Yeah, first off, it's not chickens. In this case it would specifically be eagle eggs. Second, I'm trying to find, and when I find it it'll come off the, I'm so bad with, like, because all these, Chris, like, Kranowski, does a lot of security.
A
All right, well, if you are interested in these topics, please reach out via the Slack channel or reach out to Randall direct. We would love to continue that conversation. Does anyone have any other open issues they'd like to discuss today about the Education SIG?
E
I just have one sort of like question, comment, and it's, it's really just a feel because I don't know how this would work through Linux Foundation, but for my own topics, and when I try to delve around stuff, and I'm thinking of this particularly for, like, getting information about SIGs, I love doing, like, 500 bucks of rewards on, like, Hacker Noon or a profile like that and having people write blogs, and then you just rate the best blogs.
E
I think that's a really nice view to generate community content in a way that values people's time, in a way that's cost to pitch, you know, up front waiting. I don't know, I think that might be something, because I'm still, we're all looking at the problem that, like, those working groups are mostly rental maintainers and they don't want to be doing documentation on documentation, right? So just a thought.
F
So a thought, a thought is leveraging universities and the communication and English departments, are folks that are interested in becoming technical writers, maybe providing a way for them to, because that's a common one that I get a lot, is like, I just want to be a writer, but I want to write, you know, sec space, where do I get started? I'm like, come to OpenSSF.
F
We have tons of documentation nobody wants to write, but I think finding a way to hit those different groups, and maybe universities or folks that are outside as writers, could be a way to overcome those lovely documentation about this.
A
Okie dokie, well, if you have anything you want to engage with the group, we have our mailing list. We have the Slack channel. We will be meeting again in two weeks, so I. Thank you all for your time and attention and enjoy the rest of your.
E
Last thing before we jump off the call, Randall: where is the next best place for us to specifically follow up on a thread on, like, generating or bringing in content? Is it gonna be honest.
D
I'll post one on Slack as soon as I'm back on the computer, and, and you can, or you could DM me, or yeah. One of the two sounds.