►
From YouTube: Education SIG (May 17, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
B
I
think
that
was
the
the
training
montage
from
Karate
Kid
his
best
around
right.
But
it's
it's
like
it's
like
playing
back
here.
Someplace,
oh
man,.
A
A
Nice
fella
he's
been
helping
out
a
lot
with
the
Dei
Sig.
Okay.
B
Did
do
you
get
any
so
now
that
you're
an
Insider?
What's
what's
the
situation
on
our
plan,
you're
gonna
get
approved.
A
Or
what
we
had
a
meeting
about
it
and
there's
there's
a
new
general
manager:
hey
Max,
there's
a
new
general
manager,
amkar
a
really
nice
fella,
and
he
is
kind
of
evaluating
there's
a
couple
things
that
are
in
flight
for
funding
requests,
so
I
think
his
first
order
of
business
is
to
get
his
staff
in
order.
They
have
several
outstanding
open
wrecks,
so
I
think
he's
going
to
try
to
get
through
those.
A
So
he
has
people
to
help
out
and
then
he's
trying
to
formulate
how
he
would
like
to
position.
The
mobilization
plan
requests.
A
A
But
that
you
know
there's
no
nothing
they
will.
They
are
approaching.
There
were
several
groups
after
the
DC
Summit
last
year
that
put
forth
pledges
to
fund
parts
of
the
plan,
so
I
think
he's
just
trying
to
see
the
state
of
where
things
are
and
how
he
wants
to
roll
those
out
to
those
people
and
see
if
they're,
still
interested
in
pledging
since
the
economy's
changed
a
little
bit
in
the
last
year.
B
A
I
I
hope
by
the
end
of
Q2.
I,
don't
know.
Okay
now
that
does
not
hinder
us
from
doing
anything.
There's
still
a
lot
of
great
work.
We
can
do
for
free,
I'm,
sorry
for
our
volunteer
donations,
but
all
like
the
significant
part
of
section
three
was
talking
about
scholarships
and
grants
and
that's
going
to
be
on
hold
for
the
foreseeable
future.
Until
we
get
that
funding
determination.
A
And
I'm
I'm
getting
my
I,
have
a
meeting
with
the
Intel
team
I
think
next
week
to
remind
them
that
we're
still
waiting
on
the
manager
training
but
like
many
organizations
in
high
tech
we've
gone
through
a
series
of
changes
over
the
last
several
months
and
people
that
may
have
originally
been
around
to
help
start
that
effort
are
no
longer
with
the
organization.
A
A
My
dream
would
be
in
June
and
then
we
can
actually
start
to
see
how
we
want
to
adjust
the
material
for
the
open,
ssf,
cool.
D
C
D
Isn't
going
to
pay
for
the
entire?
You
know
cyber
Workforce
to
be
brought
out.
The
consumers
of
that
Workforce
are
going
to
have
to
pay
for
it.
I
wonder
if,
within
our
crowd,
there's
you
know
a
some
Intel
about
companies
that
might.
C
D
A
D
Don't
know
any
such
people,
I
I,
would
have
I'd
be
holding
them
by
their
ankles
and
shaking
them
into
all
of
their
funding
dropped
out,
but
I
I
do
think
it's
worth
thinking
about.
You
know
if
there
is
like
an
alternative
pathway
like
that.
A
Well,
one
pathway
that
I
think
you
are
aware
of
Max
is
that
the
de
and
I
seg
is
going
to
be
talking
with
the
White
House.
There
is
like
a
I
I
feel
a
large
component
of
the
new
U.S
cyber
security
strategy.
I
think
it's
section,
four
talks
about
education,
so
we
actually
are
working
on
trying
to
get
an
invite
to
talk
with
those
folks.
So
that
is
another
option.
Is
potential
Government
funding.
A
D
Got
I
mean
generally
like
grunt
funding
is,
is
not
going
to
come
through
before
the
end
of
I
won't
come
through
this
yeah.
You
know,
let's,
let's
be
honest,
I've
spoken
and
and
have
some
contacts
over
in
nist,
which
is
probably
ultimately
where
and
nice.
Specifically.
D
D
Know
all
these
U.S
acronyms
I
know
a
couple
of
people
there
they're
actually
opening
some
grunts
towards
the
end
of
Q2
or
broad
broadly,
like
Workforce
Development,
but
getting
those
grants
as
a
as
a
as
an
organizational
group
that
hasn't
got
a
track
record
of
getting
grants
from
the
government
super
difficult.
D
A
If
you
can
share
some
details
that
there's
a
new
program
manager
that
assists
us
here
in
the
open,
ssf,
Amanda
and
I
believe
she
does
have
a
background
in
Grant
rating.
So
that
might
be
because
she
helped
me
put
together
the
Sovereign
Tech
fund
proposal.
But
again
that
we
were
like
right
at
the
like
the
last
day
of
consideration
that
we
got
that
in
right.
D
I
I
share
some
info
I.
Think
probably
what
the
folks
over
there
would
say
is
get
involved
in
their
working
groups
and
that's
the
best
way
to
hear
about
those
grants.
There's
there's
a
grand
portal
for
US
government
grants.
I
can't
remember
what
it's
called,
but
these
grants
will
be.
You
know
posted
that.
D
Let
me
look
into
it
and
see
if
there's
even
like
a
a
name
for
them
and
it
will
be
coming
out.
Nice
I'll
drop
a
link
to
it
great.
A
Just
so,
everyone
is
aware:
I
have
been
elevated
to
an
amazing
new
role
within
the
foundation
I'm
now
the
chairperson
of
the
technical
advisory
committee,
so
I'm
not
exactly
sure
what
that
entails.
But
I
know
it's
going
to
be
a
lot
of
additional
new
work.
So.
To
that
end,
I'm
going
to
ask
I'm
asking
each
of
the
groups
I'm
engaged
with
to
make
sure
we
have
a
strong,
stable
of
contributors
and
participants
so
that
if
I
am
available
or
I
have
con
not
available.
A
Just
keep.
B
A
But
if
there
are
folks
that
are
interested
in
trying,
you
know
dedicating
a
little
more
time
than
the
hour
a
week
or
whatever
you
know.
Please.
Let
me
know
it's
not
a
lot
of
work,
but
you
know
and
I
think
I
still
should
be
able
to
do
a
lot
of
it.
But
I
just
don't
know.
I
know,
I'll
have
a
lot
of
more
a
lot
more
one-on-ones
with
my
friends
on
the
governing
board.
B
Let's
talk
offline,
a
little
bit
more
about
what's
involved,
so
I
think
I
may
be
able
to
help
with
the
Sig
I.
Don't
think
I'll
be
able
to
help
as
much
support
in
group
as
whole,
because
time
constraints,
but
I
would
be
willing
to
try
and
help
coordinate
things
for
for
the
education
sake.
Awesome.
A
To
that
end.
Talking
about
for
momentum,
I
mentioned
the
Intel
training
and
I
hope
that
we'll
get
that
soon,
but
today
I
have
two
ideas.
Thank
you.
Jay
I
have
two
ideas
of
things.
We
could
collaborate
on
today.
First
off
is
we
created
a
model
of
kind
of
how
we
wanted
our
content
to
line
up,
so
maybe
we
could
do
kind
of
a
gap,
assessment
or
prioritizing
where
we
think
we
might
want
to
try
to
find
or
make
some
new
training
and
then
I
had
a
request.
A
A
So
I
think
that
might
be
potentially
a
very
useful
effort
for
us
to
focus
a
little
bit
of
time
on
so
do
either
of
those
ideas,
Inspire
and
motivate
people
to
want
to
collaborate.
A
little
more
today
on.
D
I'm
always
up
for
a
good
collaboration
with
the
open
source
contribution
idea.
A
It
was
just
a
commentary
from
the
audience,
so
the
open
source,
it's
the
open
source
Summit,
so
it
is
run
by
the
LF,
so
they
had
like
12
little
micro
conferences,
containers
and
supply
chain
and
the
hospital
and
many
people,
especially
young
developers
or
people
changing
their
careers.
Don't
know
they
know
they
would
like
to
to
participate,
but
they
don't
know
how
and
they
don't
understand
kind
of
some
of
the
the
a
lot
of
unspoken
rules.
A
So
it
would
be
great
if
we
could
potentially
help
try
to
clarify
that
like
what
is
a
PR,
for
example,
you
know
kind
of
start
off
on
some
basic
stuff,
give
them
a
couple
pointers
if
there's
other
art
that
exists
of
good
examples.
That
would
be
a
useful
activity.
A
I
think
yeah,
no
one
came
to
me
specifically,
it
said
dear
Crow,
please
make
a
class,
it
was
just
more
the
sentiment,
I
heard
from
a
lot
of
the
audience,
and
then
you
know
some
of
the
Keynotes
talking
about
how
we
need
to
you
know.
Part
of
our
de
and
I
say,
is
how
we're
trying
to
pull
more
people
into
the
trade.
C
D
Time
again,
we
hit
the
same
kind
of
issues
which
is
actually
kind
of
based
around
yeah.
How
do
I
write
a
good
PR?
D
Actually,
that's
kind
of
the
grounding
that
everything
else
sits
around
right
from
writing:
a
code
through
to
yeah
engaging
with
a
with
a
community
Through
To
understanding
the
the
standards
and
practices
within
a
project
or
pretty
much
everything
else.
A
Wow
my
my
Google
is
very
slow.
Today,
you're
you're,
hacking.
A
I
guess
I
need
to
reboot.
Yes,
so
what
other
topics
can
we
put
into
such
a
piece
of
work?.
B
There's
a
lot
of
lexicon
I
think
that
people
are
not
familiar
with
I.
Think,
like
you,
said,
the
unspoken
rules
that
are
out
there
bring
them
into
the
light
and
then
like
people
are
seeing
what
they
are,
and
why
is
is
a
good
thing.
C
E
E
D
D
C
D
Probably
one
of
the
other
really
really
top
things
right,
if
you
think
about
people
who
are
trying
to
get
into
open
source,
but
for
the
first
time,
they're,
probably
not
people
with
a
lot
of
I'm
going
to
say,
Enterprise
software
development
experience,
they
probably
have
more
of
an
academic
background.
They've,
probably
been
sort
of
solo
coding,
you
know,
and
they
do
a.
D
C
D
Know
get
GitHub
yeah
put
some
other
open
source
Tools
in
there.
Why
not?
And
then
you
know
the
and
that's.
D
Definitely
I
would
probably
need
to
be
careful
to
say
that
other
overdo.
D
D
They
call
it
Mr,
because
it's
a
merge
request,
you're,
not
really
putting
anything.
Are
you
yeah,
yeah
yeah,
so
I
guess
I
mean
the
other,
the
other
one
after
the
the
tools
for
me
is
that
the
process
right?
You
know
you
what.
C
D
A
D
E
E
D
E
E
E
E
It
was
when
I
joined
asterisk
as
well,
and
then
I
asked
for
the
documentation
and
they
said
it's
in
the
source
code.
Over
a
weekend,
a
read
all
the
source
code
of
asterisk
and
produced
a
Wiki
that
is
still
around
with
with
all
the
dogs,
then
I
said
well,
I
read
all
the
dogs
and
I
have
them
here.
Can
you
please
answer
my
questions
now?
E
E
A
So
another
thing
there's
been
many
requests
to
create
a
open
source
for
newbies
class
from
the
education
Sig.
So
we
think
that
would
be
a
great
companion
to
our
secure
coding,
fundamentals,
class
and
then
some
of
the
other
thing
ideas
we
have
as
part
of
this
project
the
Sig,
so
we're
kind
of
brainstorming
on
the
the
syllabus.
So
to
speak,
we're
kind
of
talking
about
ideas.
That
would
be
good,
good
and
interesting
to
have
in
this
course
and
valuable
to
these
new
learners.
E
How
do
you
get
these
people
to
do
the
stuff?
You
need
to
get
done
or
help
yourself
to
get
the
stuff
done.
A
E
Think
these
people
don't
get
the
funding
to
go
pay
for
this
class
I
think
a
series
of
very
easy
to
digest.
Youtube
videos
would
be
perfect
with
the
right
sender
and.
D
C
E
A
So
Max,
you
want
to
finish
your
thought
and
then
Randall.
D
I
think
my
thought
was
very
similar:
I
think
blog
post
granular
content,
so
people
can
dip
in
and
out
of
the
topics
they
want
and
yeah.
Perhaps
some
story
like
YouTube
type
videos,
is
always
good
as
well.
F
E
A
F
Anyway,
anyway,
what
I
was
gonna
say
is
LF
has
something
called
Express
trainings
that
are
circulated
throughout
the
community?
That
might
be.
That
is
an
official
class
format
that
we
have.
It
is
kind
of
a
newer
class
format
that
we
have,
so
that
might
be
something
that
you
could
consider.
F
F
We
do
have
some
trainings
already
that
kind
of
get
into
that.
Most
of
them
are
free,
so
I'm
pretty
sure
that
we
could
talk
to
Tim
about
putting
a
class
together
or
if
you
wanted
to
put
a
class
together
of
what
we
have
I
haven't
checked.
What
we
have
so
I
can't
tell
you
how
good
it
is,
but
that
is
definitely
a
option
is
I
know
we
have
like
an
intro
to
get
class.
We
have
an
intro
to
Linux
class.
We
have
like
a
kernels
fundamentals
class,
which.
C
F
Starting
to
get
really
not
beginner
but
I,
don't
know
that
depends
if
you
do
Gen,
2
or
not
I
guess,
but
you
know
it
just
yeah
like
we
and
I
just
we
do
have
material
on
this
that
we
could
get
that's
already
in
LF,
just
throwing
that
out
there.
Well,
that's.
A
Another
interesting
idea
is:
we
could
potentially
synthesize
all
those
ideas
and
do
like
a
cohesive
kind
of
Learner
Journey.
If
you're
new,
you
should
take
these
classes,
read
our
awesome
new
blogs.
We
just
wrote,
watch
our
you
know
our
videos.
We.
F
F
But
we
have
like
intro
to
gets
in
there
intro
to
Linux
I,
think
we
have
some
internal
networking,
but
I'd
have
to
check,
but
but
yeah.
You
know
how
some
of
that
stuff
has
been
there
for
a
very
long
time
and
needs
finagling.
So
I'm
all
I'm
saying
is
that
there's
definitely
stuff
to
work
with.
E
Cool
but
I
mean
if
you
look
Beyond
this.
Oh
it
says
for
news
class,
a
class
that
people
would
actually
spend
hours
on
and
maybe
pay
for
is
how
do
I
create
an
open
source
project
if
you're
in
a
business-
and
you
want
to
learn
how
you
start
an
open
source
project
that
would
be
a
class
that
people
would
spend
I
mean
16
hours
in
three
days
on
and
possibly
pay
for,
but
that's
a
whole
different
angle.
C
F
A
Well,
I
everything
I
do
has
security
from
the
very
beginning,
Randall.
So
of
course,
there'll
be
some
security
things,
but
I
think
the
initial
focus
is
to
cast
a
wide
net,
as
we
are
trying
to
encourage
people
to
take
up
this
career
path
and
get
engaged
with
open
source
in
general.
Give
them
the
basics
and
then
also
from
the
basics,
help
them
and
give
them
instructions
on
how
to
do
it
securely
from
the
beginning.
C
E
But
the
security
for
beginners
is
something
that
I'm
trying
to
spend
time
on
here,
because
I'm
because
of
the
new
Cyber
resilience
act
here
in
Europe,
but
I'm
getting
more
and
more
questions
about
what?
What
do
you
mean
here?
Everything
has
to
be
encrypted.
Everything
has
to
be
authorized.
Everything
has
to
be
confidential.
What
does
it
mean
and
there
will
be
enormous
demand
for
the
for
the
basics
here,
not
discussing
TLS
bits
and
bytes,
but
the
basics
of
TLS
with
mutual
authentication?
What
does
it
do
and
why
is
a
TLS
proxy?
E
A
problem
and
I
mean
go
going
back
to
basic
asymmetric
and
cryptography,
and
then
I
mean
the
TLs
has
been
around,
but
the
software
signing
part
that
comes
now
with
signing
all
the
artifacts
signing
all
the
containers
signing
desk
phone
that
will
be
required
lots
of
training
and
that's
where
openssf
is
really
needed.
I
think.
A
Fine-
and
that
is
a
slightly
different
topic
we
have
not
touched
on
yet
with
this
group-
is
I-
think
that
is
another
worthwhile
effort
for
us
to
help
talk
to
groups
like
salsa
who
might
already
have
training
or
they
might
not.
You
know
how
can
we
help
them
and
get
that
baked
into
a
larger
curriculum?
I
know
that
the
open
source
security
incident
response
team,
if
it
ever
gets
funded,
we'll
be
approaching
this
group
for
some
assistance
in
some
coordinated
disclosure
training.
E
It
doesn't
mean
that
I
mean
this
group
shouldn't
have
Monopoly,
but
at
least
keep
an
eye
on
terminology
juice
and
the
way
you
introduce
some
shared
Concepts.
So
we
introduce
them
the
same
way.
So
we
don't
have
10
definitions
of
our
x509
certificate.
A
So
back
to
my
question:
is
anyone
interested
in
trying
to
maybe
a
lot
more
logically
organize
this,
rather
than
a
stream
of
thought,
a
series
of
notes
to
see
if
we
might
have
a
little
bit
more
order
and
structure
and
then
maybe
think
about
different
ways?
We
could
deliver
this.
C
D
Love
if
we
could
Point
somebody
on
the
on
the
RF
training
team
towards
it
as
well,
to
start
like
mapping
in
where
there
is
already
content,
and
then
you
know
we
already
start
to
get
to.
Where
are
the
gaps
kind
of
view,
I.
F
A
D
That
I'm
sure
we've
all
got
a
couple
of
you
know
blog
posts,
YouTube
videos,
books
and
things
that
we
we
put
in
newbie
friends
to
anyway,
all
right.
So
we
start
to
map
those
in.
After
the
the
you
know,
the
other
kind
of
formal
curriculum
and
stuff.
Then
it
starts
to
become
a
resource
without
having
to.
A
A
The
new
managing
director
omkar
is
kind
of
considering
how
he
wants
to
move
forward
with
the.
A
There
are
four
of
the
ten
streams
that
have
active
work,
so
he's
trying
to
figure
out
how
to
connect
those
plans
with
the
pledgers
and
just
overall
kind
of
what
his
strategy
is
going
to
be
for
requesting
and
trying
to
get
these
things
funded.
So
TBD
still.
A
F
Well,
that's
coming
along
great
the
the
thing
about.
It
is
there's
a
lot
of
talks
right
now
as
to
how
the
delivery
is
going
to
happen
so
through.
A
A
C
E
F
For
that,
but
yeah
no,
but
as
I
said,
there's
there's
there's
talks
about
whether
or
not
it's
gonna
turn
it
all
into
LF
or
the
SKF
platform
is
going
to
stay
independent.
F
It's
the
latter
is
more
likely.
So
yes
and
there's
a
lot
of
things
that
we
could
do
there,
because
the
platform
is
very
open.
So
I
know
that
we
talked
with
avishay
about
different
possibilities
in
the
past
and
whatnot,
and
now
that
we're
actually
slowly
getting
there.
You
know
we
could
do
a
lot
with
the
SKF
platform,
but
obviously
we'd
have
to
Loop
in
other
parties
involved
and
yeah
we'd,
probably
end
up
in
a
similar
boat.
As
the
plan.
F
F
A
D
A
Right
any
additional
thoughts
or
items
we
want
to
discuss
today.
A
A
All
right
folks,
I
appreciate
your
time
and
attention
today.
Thank
you
for
the
very
engaged
conversation
excited
to
see
how
well
this
is
filling
out
and
looking
forward
to
seeing
you
in
a
few
weeks
enjoy
the
rest
of
your
day.