►
From YouTube: Education SIG (May 17, 2023)
Description
Agenda – https://docs.google.com/document/d/18GBwvQJNcPnwxKrnp43DhBZC7K1JM0xzGkDoKh5mu8U/edit#
Slack – https://openssf.slack.com/archives/C03FW3YGXH9
Mailing List – https://lists.openssf.org/g/openssf-sig-education
Git Repo - https://github.com/ossf/education
B
A
B
A
Or
what
we
had
a
meeting
about
it
and
there's
there's
a
new
general
manager:
hey
Max,
there's
a
new
general
manager,
amkar
a
really
nice
fella,
and
he
is
kind
of
evaluating
there's
a
couple
things
that
are
in
flight
for
funding
requests,
so
I
think
his
first
order
of
business
is
to
get
his
staff
in
order.
They
have
several
outstanding
open
wrecks,
so
I
think
he's
going
to
try
to
get
through
those.
A
A
A
But
that
you
know
there's
no
nothing
they
will.
They
are
approaching.
There
were
several
groups
after
the
DC
Summit
last
year
that
put
forth
pledges
to
fund
parts
of
the
plan,
so
I
think
he's
just
trying
to
see
the
state
of
where
things
are
and
how
he
wants
to
roll
those
out
to
those
people
and
see
if
they're,
still
interested
in
pledging
since
the
economy's
changed
a
little
bit
in
the
last
year.
B
A
I
I
hope
by
the
end
of
Q2.
I,
don't
know.
Okay
now
that
does
not
hinder
us
from
doing
anything.
There's
still
a
lot
of
great
work.
We
can
do
for
free,
I'm,
sorry
for
our
volunteer
donations,
but
all
like
the
significant
part
of
section
three
was
talking
about
scholarships
and
grants
and
that's
going
to
be
on
hold
for
the
foreseeable
future.
Until
we
get
that
funding
determination.
A
D
C
D
C
D
A
D
A
Well,
one
pathway
that
I
think
you
are
aware
of
Max
is
that
the
de
and
I
seg
is
going
to
be
talking
with
the
White
House.
There
is
like
a
I
I
feel
a
large
component
of
the
new
U.S
cyber
security
strategy.
I
think
it's
section,
four
talks
about
education,
so
we
actually
are
working
on
trying
to
get
an
invite
to
talk
with
those
folks.
So
that
is
another
option.
Is
potential
Government
funding.
A
D
D
A
If
you
can
share
some
details
that
there's
a
new
program
manager
that
assists
us
here
in
the
open,
ssf,
Amanda
and
I
believe
she
does
have
a
background
in
Grant
rating.
So
that
might
be
because
she
helped
me
put
together
the
Sovereign
Tech
fund
proposal.
But
again
that
we
were
like
right
at
the
like
the
last
day
of
consideration
that
we
got
that
in
right.
D
D
I
I
share
some
info
I.
Think
probably
what
the
folks
over
there
would
say
is
get
involved
in
their
working
groups
and
that's
the
best
way
to
hear
about
those
grants.
There's
there's
a
grand
portal
for
US
government
grants.
I
can't
remember
what
it's
called,
but
these
grants
will
be.
You
know
posted
that.
D
A
Just
so,
everyone
is
aware:
I
have
been
elevated
to
an
amazing
new
role
within
the
foundation
I'm
now
the
chairperson
of
the
technical
advisory
committee,
so
I'm
not
exactly
sure
what
that
entails.
But
I
know
it's
going
to
be
a
lot
of
additional
new
work.
So.
To
that
end,
I'm
going
to
ask
I'm
asking
each
of
the
groups
I'm
engaged
with
to
make
sure
we
have
a
strong,
stable
of
contributors
and
participants
so
that
if
I
am
available
or
I
have
con
not
available.
B
A
But
if
there
are
folks
that
are
interested
in
trying,
you
know
dedicating
a
little
more
time
than
the
hour
a
week
or
whatever
you
know.
Please.
Let
me
know
it's
not
a
lot
of
work,
but
you
know
and
I
think
I
still
should
be
able
to
do
a
lot
of
it.
But
I
just
don't
know.
I
know,
I'll
have
a
lot
of
more
a
lot
more
one-on-ones
with
my
friends
on
the
governing
board.
B
A
To
that
end.
Talking
about
for
momentum,
I
mentioned
the
Intel
training
and
I
hope
that
we'll
get
that
soon,
but
today
I
have
two
ideas.
Thank
you.
Jay
I
have
two
ideas
of
things.
We
could
collaborate
on
today.
First
off
is
we
created
a
model
of
kind
of
how
we
wanted
our
content
to
line
up,
so
maybe
we
could
do
kind
of
a
gap,
assessment
or
prioritizing
where
we
think
we
might
want
to
try
to
find
or
make
some
new
training
and
then
I
had
a
request.
A
A
A
It
was
just
a
commentary
from
the
audience,
so
the
open
source,
it's
the
open
source
Summit,
so
it
is
run
by
the
LF,
so
they
had
like
12
little
micro
conferences,
containers
and
supply
chain
and
the
hospital
and
many
people,
especially
young
developers
or
people
changing
their
careers.
Don't
know
they
know
they
would
like
to
to
participate,
but
they
don't
know
how
and
they
don't
understand
kind
of
some
of
the
the
a
lot
of
unspoken
rules.
A
A
I
think
yeah,
no
one
came
to
me
specifically,
it
said
dear
Crow,
please
make
a
class,
it
was
just
more
the
sentiment,
I
heard
from
a
lot
of
the
audience,
and
then
you
know
some
of
the
Keynotes
talking
about
how
we
need
to
you
know.
Part
of
our
de
and
I
say,
is
how
we're
trying
to
pull
more
people
into
the
trade.
C
D
B
C
E
E
D
C
D
Probably
one
of
the
other
really
really
top
things
right,
if
you
think
about
people
who
are
trying
to
get
into
open
source,
but
for
the
first
time,
they're,
probably
not
people
with
a
lot
of
I'm
going
to
say,
Enterprise
software
development
experience,
they
probably
have
more
of
an
academic
background.
They've,
probably
been
sort
of
solo
coding,
you
know,
and
they
do
a.
D
C
D
D
D
C
D
A
D
E
E
D
E
E
E
E
It
was
when
I
joined
asterisk
as
well,
and
then
I
asked
for
the
documentation
and
they
said
it's
in
the
source
code.
Over
a
weekend,
a
read
all
the
source
code
of
asterisk
and
produced
a
Wiki
that
is
still
around
with
with
all
the
dogs,
then
I
said
well,
I
read
all
the
dogs
and
I
have
them
here.
Can
you
please
answer
my
questions
now?
E
E
A
So
another
thing
there's
been
many
requests
to
create
a
open
source
for
newbies
class
from
the
education
Sig.
So
we
think
that
would
be
a
great
companion
to
our
secure
coding,
fundamentals,
class
and
then
some
of
the
other
thing
ideas
we
have
as
part
of
this
project
the
Sig,
so
we're
kind
of
brainstorming
on
the
the
syllabus.
So
to
speak,
we're
kind
of
talking
about
ideas.
That
would
be
good,
good
and
interesting
to
have
in
this
course
and
valuable
to
these
new
learners.
E
A
E
D
C
E
D
F
E
A
F
F
We
do
have
some
trainings
already
that
kind
of
get
into
that.
Most
of
them
are
free,
so
I'm
pretty
sure
that
we
could
talk
to
Tim
about
putting
a
class
together
or
if
you
wanted
to
put
a
class
together
of
what
we
have
I
haven't
checked.
What
we
have
so
I
can't
tell
you
how
good
it
is,
but
that
is
definitely
a
option
is
I
know
we
have
like
an
intro
to
get
class.
We
have
an
intro
to
Linux
class.
We
have
like
a
kernels
fundamentals
class,
which.
C
F
A
F
F
E
Cool
but
I
mean
if
you
look
Beyond
this.
Oh
it
says
for
news
class,
a
class
that
people
would
actually
spend
hours
on
and
maybe
pay
for
is
how
do
I
create
an
open
source
project
if
you're
in
a
business-
and
you
want
to
learn
how
you
start
an
open
source
project
that
would
be
a
class
that
people
would
spend
I
mean
16
hours
in
three
days
on
and
possibly
pay
for,
but
that's
a
whole
different
angle.
C
A
Well,
I
everything
I
do
has
security
from
the
very
beginning,
Randall.
So
of
course,
there'll
be
some
security
things,
but
I
think
the
initial
focus
is
to
cast
a
wide
net,
as
we
are
trying
to
encourage
people
to
take
up
this
career
path
and
get
engaged
with
open
source
in
general.
Give
them
the
basics
and
then
also
from
the
basics,
help
them
and
give
them
instructions
on
how
to
do
it
securely
from
the
beginning.
C
E
But
the
security
for
beginners
is
something
that
I'm
trying
to
spend
time
on
here,
because
I'm
because
of
the
new
Cyber
resilience
act
here
in
Europe,
but
I'm
getting
more
and
more
questions
about
what?
What
do
you
mean
here?
Everything
has
to
be
encrypted.
Everything
has
to
be
authorized.
Everything
has
to
be
confidential.
What
does
it
mean
and
there
will
be
enormous
demand
for
the
for
the
basics
here,
not
discussing
TLS
bits
and
bytes,
but
the
basics
of
TLS
with
mutual
authentication?
What
does
it
do
and
why
is
a
TLS
proxy?
E
A
problem
and
I
mean
go
going
back
to
basic
asymmetric
and
cryptography,
and
then
I
mean
the
TLs
has
been
around,
but
the
software
signing
part
that
comes
now
with
signing
all
the
artifacts
signing
all
the
containers
signing
desk
phone
that
will
be
required
lots
of
training
and
that's
where
openssf
is
really
needed.
I
think.
A
Fine-
and
that
is
a
slightly
different
topic
we
have
not
touched
on
yet
with
this
group-
is
I-
think
that
is
another
worthwhile
effort
for
us
to
help
talk
to
groups
like
salsa
who
might
already
have
training
or
they
might
not.
You
know
how
can
we
help
them
and
get
that
baked
into
a
larger
curriculum?
I
know
that
the
open
source
security
incident
response
team,
if
it
ever
gets
funded,
we'll
be
approaching
this
group
for
some
assistance
in
some
coordinated
disclosure
training.
E
A
C
D
F
A
D
That
I'm
sure
we've
all
got
a
couple
of
you
know
blog
posts,
YouTube
videos,
books
and
things
that
we
we
put
in
newbie
friends
to
anyway,
all
right.
So
we
start
to
map
those
in.
After
the
the
you
know,
the
other
kind
of
formal
curriculum
and
stuff.
Then
it
starts
to
become
a
resource
without
having
to.
A
A
A
F
A
A
C
E
F
It's
the
latter
is
more
likely.
So
yes
and
there's
a
lot
of
things
that
we
could
do
there,
because
the
platform
is
very
open.
So
I
know
that
we
talked
with
avishay
about
different
possibilities
in
the
past
and
whatnot,
and
now
that
we're
actually
slowly
getting
there.
You
know
we
could
do
a
lot
with
the
SKF
platform,
but
obviously
we'd
have
to
Loop
in
other
parties
involved
and
yeah
we'd,
probably
end
up
in
a
similar
boat.
As
the
plan.