From ad034b7fb71db698e3dff72d95ca538ed17cad62 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 28 Nov 2023 09:41:32 -0800 Subject: [PATCH 1/3] creates focused criteria for evaluating memory safety efforts (more to come!) Signed-off-by: Nell Shamrell --- docs/funding-recommendations.md | 11 ----------- docs/project-support-criteria.md | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 11 deletions(-) delete mode 100644 docs/funding-recommendations.md create mode 100644 docs/project-support-criteria.md diff --git a/docs/funding-recommendations.md b/docs/funding-recommendations.md deleted file mode 100644 index fe85036..0000000 --- a/docs/funding-recommendations.md +++ /dev/null @@ -1,11 +0,0 @@ -# Funding recommendations - -This document captures initiatives this working group recommends that the OpenSSF and its members fund. - -## Evaluation Criteria - -TODO - -## Initiatives we have evaluated and recommend - -## Initiatives we are currently evaluating diff --git a/docs/project-support-criteria.md b/docs/project-support-criteria.md new file mode 100644 index 0000000..85973b2 --- /dev/null +++ b/docs/project-support-criteria.md 
@@ -0,0 +1,17 @@ +# OpenSSF Memory Safety Project Support Program + +NOTE - This is currently a draft and this program has not been launched yet! + +[The OpenSSF TAC/Foundation is currently working on a funding model and process](https://github.com/ossf/Memory-Safety/pull/13#issuecomment-1791255657) for supporting project/efforts related to Open Source Software Security. + +This Working Group is focused specifically on how to technically evaluate a project/effort related to improving memory safety in Open Source Software. + +## Draft Criteria + +Does this project meaningfully improve memory safety within Open Source software [according to our definition of memory safety](https://github.com/ossf/Memory-Safety/blob/main/docs/definitions.md)? + +Meaningful efforts include (but are not limited to): +* Targeted re-write efforts of Open Source software in memory safe by default languages +* Educational efforts on memory safety in software +* Tools/Processes which improve the memory safety of software when a rewrite in a memory safe by default language is not possible/practical +* Efforts which reduce undefined behavior in commonly used Open Source software components From 783799cd5b41e7e9f93b47a34fdde608364af9f6 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 28 Nov 2023 09:46:17 -0800 Subject: [PATCH 2/3] fixes markdown Signed-off-by: Nell Shamrell --- docs/project-support-criteria.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/project-support-criteria.md b/docs/project-support-criteria.md index 85973b2..e7892fe 100644 --- a/docs/project-support-criteria.md +++ b/docs/project-support-criteria.md 
@@ -11,6 +11,7 @@ This Working Group is focused specifically on how to technically evaluate a proj Does this project meaningfully improve memory safety within Open Source software [according to our definition of memory safety](https://github.com/ossf/Memory-Safety/blob/main/docs/definitions.md)? Meaningful efforts include (but are not limited to): + * Targeted re-write efforts of Open Source software in memory safe by default languages * Educational efforts on memory safety in software * Tools/Processes which improve the memory safety of software when a rewrite in a memory safe by default language is not possible/practical From 7a0d64516d3a0a3c676d34b3b6652e4641dbcc55 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Wed, 13 Dec 2023 11:10:49 -0800 Subject: [PATCH 3/3] change based on review Signed-off-by: Nell Shamrell --- docs/project-support-criteria.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/project-support-criteria.md b/docs/project-support-criteria.md index e7892fe..f2bf18c 100644 --- a/docs/project-support-criteria.md +++ b/docs/project-support-criteria.md @@ -15,4 +15,4 @@ Meaningful efforts include (but are not limited to): * Targeted re-write efforts of Open Source software in memory safe by default languages * Educational efforts on memory safety in software * Tools/Processes which improve the memory safety of software when a rewrite in a memory safe by default language is not possible/practical -* Efforts which reduce undefined behavior in commonly used Open Source software components +* Efforts which reduce undefined behavior (related to memory safety) in commonly used Open Source software components
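Review bot: in PATCH 1/3, deleting docs/funding-recommendations.md also removes the "Initiatives we have evaluated and recommend" and "Initiatives we are currently evaluating" headings, and the new docs/project-support-criteria.md has no equivalent for either. If the working group still intends to record which initiatives it has evaluated, state in the commit message or in the new file where that list will live; if it is being dropped on purpose, say so. The diffstat touches only these two files, so it is also worth checking that nothing else in the repository links to the deleted path.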
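Review bot: in the new docs/project-support-criteria.md (PATCH 1/3), the "Draft Criteria" section rests on the word "meaningfully" but backs it only with a non-exhaustive list of example efforts, so two evaluators could reach different answers for the same proposal. Consider stating what makes an effort meaningful, or leaving an explicit TODO there as the deleted file did, since the commit subject says more is to come. Smaller wording points in the same hunk: the first paragraph says "project/efforts" while the next says "project/effort", and "memory safe by default languages" reads more clearly hyphenated as "memory-safe-by-default languages".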
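Review bot: in PATCH 3/3, the parenthetical in "undefined behavior (related to memory safety)" leaves it unclear whether it restricts the undefined behavior or the efforts. Suggest "Efforts which reduce memory-safety-related undefined behavior in commonly used Open Source software components", ideally with a link to docs/definitions.md as the criteria question above the list already has, so the scope of this bullet is tied to the working group's own definition.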