Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
OpenSSF / Education SIG / 28 Jun 2023
OpenSSF / Education SIG / 28 Jun 2023
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Education SIG (June 28, 2023)

Description

Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#

Slack – https://openssf.slack.com/archives/C03FW3YGXH9

Mailing List – https://lists.openssf.org/g/openssf-sig-education

Git Repo - https://github.com/ossf/education

A

We'll get started in a few minutes, let's see if the books start to log in.

A

Hello, everybody we'll get started in just one minute, waiting to see if Randall shows up he's the one that put our current uh agenda item on the list. If anyone has any opens, please add them in the open section and we'll talk about that shortly.

A

And you should click the button. Dave click click.

B

It click it. Thank you for your support.

A

It never hurts to help.

B

So you keep telling me.

A

Someday you'll listen.

B

Oh I've listened many many times.

A

Oh Randall.

A

I think the only thing more frustrating is not having items on the agenda. Is somebody putting an item on the agenda and that's not they're not showing up to talk about it.

B

So he put the Outreach stuff on there.

B

Randall he put the Outreach stuff on the agenda. Yeah.

A

All right folks we'll get started. It is three after the hour. Welcome to the June 28th edition of the open, ssf's education. Sig I would like to ask: do we have anyone interested in helping us scribe today.

A

Thank you David sure foreign. Next up do we have anyone new to the group? Is this your first time showing up, and would you like to introduce yourselves to the group Alexander.

C

Hello, my name is Alexandra Beaver I'm, a kidding security student at RIT last year, I was responsible for developing our education strategy and so I want to get more involved in the open source. Community I felt that this was a good way to get involved.

A

Excellent.

C

Well, welcome we're.

A

Very glad to have you do we have any other first-timers here that wanted to say hello.

A

All right, if anyone has any additional items, they'd like to talk about, please add that to the open section of the agenda. I see that our friend Randall has arrived from sunny California uh Randall, put an item uh in the best practices working group. We had a young lady from LF education, Cassidy she's, an instructional designer she came and talked to us about an effort she's going through about making accelerated classes and she's going to be making classes focused around the open ssf and some of the working groups and Randall has some uh things.

A

He wants to talk about a little bit. So I'll turn the floor over to Randall.

D

And I also have something else as well: I I added the stuff for the best practices and best practices um when I was what I was gonna say about best practices.

C

Is.

D

That we're currently looking for an open, ssf, Express learning course and also an alpha omega uh expert, uh not learning course Express. Learning, sorry uh I, just literally like rolled out of bed, so.

A

It's early yeah.

D

So Express learning open, ssf uh and Alpha Omega they're, also looking for a Sig store, one I think as far as that. That's as far as we want to go right now um and see how that goes and go from there.

D

So as far as the micro courses slash Express learnings, that's what I have as far as updates.

A

Do you need any assistance from this nice body of folks here on this Zoom call.

D

Eyes, I, don't know if you want to do like a contributor committee or whatever, because one of the big things is about making the courses and also keeping the courses maintained.

C

um

D

So.

A

And you're, looking for um like an intro to the best practices working group.

D

Intro to open ssf in general, it would be more of a generalized thing. I know that we talked about potentially having one for each working group um Tim's not crazy about that idea, because he thinks that it'll be too difficult to maintain, um and he was the one that told me he would prefer to keep it to like right now. Unexpressed learning, which is supposed to be like a 90-minute course tops like something you could do in like lunchtime um and give you kind of like what you need to know.

A

So specifically, what's your request of this group today? Would you like us to well.

D

I I just had that update I, don't I mean I think that uh we should probably talk with uh the best practices working group about that um I do have something else that was discussed uh yesterday, which is the LF is going to be starting a new effort into uh working with, like Defcon and black hat, and people like that uh in the terms of offering kind of different content than what we have right now on our blog, um because what we have right now on our blog is very corporate and pretty much all of our Outreach efforts are very corporate based.

D

So um a few things have happened where now we can explore a different avenue of cyber security, which is kind of more the bug, Bounty Hunter researcher aspect, um and what we're planning to do? How we're planning to engage this is kind of create a separate blog that'll still be under LF.

D

So I also wanted to talk about that because um I don't know, if that's the interest of this group, but if it is, um we were looking for people that would like to contribute content and things of that nature.

A

And is this uh just blogs? Are you guys looking at making like an education track and present at either of those conferences.

D

um Basically, right now we're just looking to like base get a foothold in that space. um A lot of people in that space are not exactly clear on what the LF is or does, or even what openssf does and how it all affects cyber security. So that's one of the main reasons that we're doing it is to kind of be able to engage with that party of people.

D

That group of folks I know that we've had Max in the past from a major league. uh Hacking uh I thought he might be somebody we could talk to I think they also were talking to somebody else, um but yeah, but, as I said, the whole ideology is that trying to get more of a foot space in well there. We call it the other side of cyber security um and in the meeting we just felt that currently The Branding and the Outreach that we have is just not really oriented towards those group of people.

D

It's all very corporate like so that's kind of what God decided that it wouldn't be a. It would be best to create a separate brand to basically Engage The Other Side of cyber security. So.

A

Yeah I see Sal wants to make a question. Has a question or comment.

E

Yeah no I think that's a good point, um so I want to clear I, hear two kind of clear personas and what you're stating um so the one like that other group of people- that's infosec, right um and I- do think that we should have more of an engagement around those resources in that education and let corporate developers understand infosec is on their computer or they're already facing it. If they don't realize it right.

E

um So I think that that's good and important I think the Partnerships that you're bringing up already have great resources like just like Syndicate the solution-based blogs that they're putting out there that's a great idea.

E

um Second um I have been having conversations that I think are going to continue that align really well around, like major league hacking and to some degree like open UK, all these other non-lf groups in open source um that might be able to contribute to a sort of like shared project like chaos uh project as well.

E

All of these good good groups coordinating around what it looks like have the student profile or the entering profile uh of like how do you engage on your open source projects and where is there a maintainer pathway that we can statistically see so that we can take those lessons and bring them back specifically to ossf my argument being there that um we don't want to be doing any extra work and collecting extra data? If someone already has like made a wheel right, just put them together and make a bike.

E

um So in this case we might get the data and if we do um I think what that allows us to do is really really Target. That student profile really really able to show and I'm getting a little off here. But I want to be able to show not just like here's, the sigs, but like here's, the sigs and the style of open source project that you engage with in order to have a maintainer career so that we can have them.

E

We want to I guess my final point and I will stop taking up the time. My final Point here is what I was trying to say. My LF is getting on board. Is that as we do the cyber security immobilization, we should be seeing an Infuse of hireable developers and cyber security. Unlike what we've seen ever before in cyber security, it should inherently be more diverse than anything else. We've ever seen in cyber security and I'm excited for those stats. That's why I'll stop.

A

Speaking so, what I heard Sal is uh three personas that might benefit from this additional LF attention, so classic infosec um your student and your new developer Persona and then the original Persona that I think Randall was originally targeting, like Bug Hunter security researcher.

D

Also, don't forget, Matrix reject, that's also in the what Matrix reject you know the whole generation of hackers that the Matrix made so yeah also put.

A

That in there I I will pick the steak dinner every time.

D

Let me also point this out Pro that this is also important, so the LF has been doing a little bit of research on our Outreach and our blogs and how effective they are and there's a common point about how the information that we put out is very informative, but we're never Hands-On. So that's also one of the things that this blog tries is going to try to uh handle and try to be a little bit more Community focused is we're going to actually try to be Hands-On.

D

um A lot of it is going to come out of like the SKF group and a lot of the tools that we use, that we don't act that don't fit into courses.

D

um A lot of content is going to come from that, so that people can see that we are actually Hands-On that we just don't speak, and a lot of people also think that we're a huge bureaucracy- and that's also another thing that we're trying to address here, because you know the infosec community has a lot of opinions about LF, so yeah.

A

Much like the open source Community, the infosec community has a lot of opinions. Yes, yeah many.

D

Of which are very crazy, which kind of the same.

A

Time I think the Venn diagram is close to an overlapping Perfect Circle yeah.

F

Totally.

D

So yeah, but but yeah so I just wanted to say that, because that that's another thing that we're going to be starting up taking ideas as far as how we can do this, what content would be useful um and yeah I'm, currently working with Mary and Scott over at LF Outreach, which is I, guess our the main Outreach group, but yeah um and yeah.

D

Basically, that was what I had to say, and yes, so I do agree with everything you said and I basically brought it to this group, because that way we can all collaborate, because this kind of got dropped on my desk. It was like you're in charge of this now so yeah welcome.

A

To open source, so uh two things first off I would ask the group you know: do. Are you personally or are you aware of people within your organizations that might be interested in contributing some of these more detailed, uh focused, targeted blogs to help Randall with his effort, if so reach out to Randall in.

C

Slack.

A

Emails and whatnot and then secondarily Randall I, know all the people that run a another industry group called The Bug Bounty community of Interest, so all of the vendor bug Bounty programs. So if you're interested to hear how commercial vendors work with an approach, security, researchers I'd be glad to make a connection and then um secondarily to that part, the the woman that runs that community of Interest also runs our Intel bug Bounty program and she has done they've done a significant amount of work courting and engaging with security researchers in our silicon space.

A

So if you are looking for ways to specifically engage security, researchers, I could arrange a call with her if you wanted to just kind of talk about tips and tricks and kind of what they've learned and kind of engaging with the assorted researchers in our space and I'll give you a link. They have a new piece of nonsense: a project circuit breaker, which has gotten a lot of accolades from the research Community.

A

The researchers have really enjoyed their approach and again, if you're looking for supporting that specific Persona I can help make some connections for you. Yeah.

D

Absolutely I mean right now: I'll say that our main focus is Outreach just because we're trying to maximize what we sources we currently have in play at LF. Obviously, the economy has affected everyone, so it's affected us as well. So that's. Why, like right, now we're really looking at like what is effective. What isn't and the reality is, is that our Outreach efforts are great at a corporate level, not so great at a community level or like hacker Hands-On level, so um yeah, but yeah, absolutely Pro any any help. Yeah much appreciated.

A

I mean I'm glad to brokered introduction, um not about setting up a bug Bounty but like specifically engaging with security researchers. They have a very unique perspective and there's some lessons learned: I think that can be shared yeah.

G

Yeah, so I actually got a lead a little while back uh the mediac uh miter, where my understanding is that the US government has some of these courses like this, that uh they might actually be willing to share as well. So don't don't count all those chickens before they hatch, but I am at least trying to see what I can shake out from some of these things.

G

um So anyway, so keep going going. Don't assume if anything will happen there, but uh I am trying to shake some trees when I find out there's a tree.

D

Awesome. Thank you. David.

G

Ciao.

E

Yeah, first off, it's not chickens. In this case it would specifically be eagle eggs uh second um I'm trying to find and when I find it it'll come off uh the I'm. So bad with like because all these Chris like kranowski, does a lot of security.

E

Stuff like scrap, modeling, stuff and I know that they had something.dev and literally it was around at least six months ago, and it has a like red back end, and it literally is like the reward structure for doing preventative work for developers and also like helping bug bashes for Linux projects and I know it was Linux based and it's something.

F

Dev.

E

We found it cool. That's I just wanted to highlight that we found.

A

Okay, cool.

A

Or any additional thoughts about either the micro course or Randall's conversation around the blogs, these kind of expert blogs. Anyone inspired to go write a blog in your spare time.

A

All right: well, if you are interested in these topics, please reach out via the slack Channel or reach out to Randall direct. We would love to continue that conversation. Does anyone have any uh other open issues they'd like to discuss today about the education Sig.

E

I just have one uh sort of like question comment and it's it's really just a feel because I don't know how this would work through Linux Foundation, um but for my own topics and when I try to delve around stuff and I'm thinking of this, particularly for like getting information about cigs, I love, doing like 500 bucks of rewards on like hacker noon or a profile like that and having people write blogs and then you just rate the best blogs.

E

I think that's a really nice view to generate Community content in a way that values people's time. In a way that's cost to pitch. You know up front waiting, um I, don't know, I, think that might be something because I'm still we're all looking at the problem that, like those working groups, are mostly rental maintainers and they don't want to be doing documentation on documentation right. So just a thought.

A

That is a common across all of engineering, Engineers hate, documentation.

F

So a thought, a thought is leveraging. Universities and the communication and English departments are folks that are interested in becoming technical writers, maybe providing a way for them to, because that's a common one that I get a lot is like I just want to be a writer but I want to write. You know sex space where do I get started. I'm like come to open ssf.

F

We have tons of documentation, nobody wants to write but I think um finding a way to hit those different groups, and maybe universities or folks that are outside as writers could be a way to overcome those lovely documentation about this.

A

Oh, and that does marry in with some of the six goals of kind of getting better engagement with Academia. That's an interesting point. Thank you. Yes, India.

A

Any other thoughts or comments or topics we'd like to discuss today.

A

Okie dokie: well, um if you have anything you want to engage with the group, we have our mailing list. We have the slack channel. uh We will be meeting again in two weeks, so I. Thank you all for your time and attention and enjoy the rest of your.

C

Day.

A

I will see many of you later today again.

E

Last thing before we jump off the call Randall, uh where is the next best place for us to specifically follow up on a thread on like generating or bringing in content? Is it gonna be honest.

D

I'll post one on slack as soon as I'm back on the computer and um and you can or you could DM me or yeah. One of the two sounds.

E

Good all right all.

A

Right, everyone have a great day.

D

Thanks everyone.