This is fantastic to see. I've tweeted it out and will press others to RT. We (OpenSSF) are starting to help other orgs with this kind of thing and I'll look for ways for us to be helpful here.
Brian On Thu, 5 May 2022, Mark J Cox wrote:
ASF security handling is currently all done by volunteers, and while our respective employers graciously provide our time to work on this, the volume increases every year. We also believe we need to give more help and guidance to projects, more reviews of our advisories and CVE entries, and other related things mentioned in the brainstorm documents we've been working on. So I'm pleased to announce we are looking for a part-time Program Manager to work in the Apache Software Foundation security response team. The main focus will be on the handling and organisation of the incoming security reports across our 300+ open source projects. https://blogs.apache.org/security/entry/position-available-security-response-program Regards, Mark J Cox ASF Security
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
