At a high level, the roadmap for TACOS will include
- Staying current with NIST SSDF guidelines (current version 1.1)
- Working with maintainers to develop standards, measurements, and incentives for attesting to those standards
- Defining an SBOM + TACOS + VEX + VDR attestation paperwork bundle for software vendors or other organizations building with open source
- Compatibility and documentation for SDLC workflows with SLSA and GUAC
- Migrating to in-toto formatted attestations