[soc-dev] IMPORTANT - Call for Ideas on Security Projects!

[Eclipse Management Office EMO <emo@xxxxxxxxxxxxxxxxxxxxxx>]

Dear committers, 

we are looking for a few projects that would like to submit a small (90h) project idea on security. 

Some ideas on this subject could be:

* Adding/integrating sigstore

* Adding support for Fuzzing via OSS-Fuzz, or expanding fuzzing coverage where it already exists
* Remediating known vulnerabilities

* Improving build/release security by automating builds, releases, adding build provenance, signing and improving reproducibility

* Improving OpenSSF Scorecard scores of projects (remediating various risk assessments)

You'll be working in collaboration with a mentor from GOSST (Google Open Source Security team).

Please contact the EMO ASAP if your project is interested!

Kind regards,

Maria Teresa Delgado

--

The Eclipse Management Organization | Eclipse Foundation