The ORBIT Working Group is officially a Sandbox-level working group within the OpenSSF.
The ORBIT WG exists to develop and maintain interoperable resources related to the identification and presentation of security-relevant data.
Motivation
[Background / use cases of the problem to be solved]
Objective
Following formation and initial stabilization, the WG will also seek to facilitate the contribution to OpenSSF of further resources that have streamlined development and/or adoption of the aforementioned resources. This includes logical models, schemas, libraries, and control validation/enforcement tooling.
Scope
[What is in and out of scope]
Prior Work
Recognizing the generous support provided to date by their respective homes, but moving forward to centralize these tightly coupled activities, the WG at launch will take responsibility for the following OpenSSF projects and repositories:
- Open Source Project Security Baseline
- Open Source Project Security Assessments
- Security Insights
- SI Tooling
Active Projects
- Open Source Project Security Baseline
- Open Source Project Security Assessments
- Security Insights
- SI Tooling
Inactive Projects
[Optional]
Get Involved
- Official communications occur on the [ADD LINK TO YOUR WG MAILING LIST] (ex: https://lists.openssf.org/g/openssf-tac/topics).
Manage your subscriptions to OpenSSF mailing lists.
- Slack
Quick Start
- Areas that need contributions
- Build information if applicable
- Where to file issues
- Etc.
Meeting times
[TODO: Update with your WG meeting details]
- Every other Tuesday @ 10:00am PST (Link to calendar invite)
- Meeting Minutes
Governance
[TODO: Update this link to your specific CHARTER.md file] The CHARTER.md outlines the scope and governance of our group activities.
[OPTIONAL]
- Lead name
- Co-Lead name
Intellectual Property
In accordance with the OpenSSF Charter (PDF), work produced by this group is licensed as follows:
[TODO: Select below the applicable license(s), delete those that don't apply, and update the LICENSE file accordingly. For specification development refer to the specific instructions on the Community Specification Getting Started page.
Note that for source code, instead of Apache, you may choose to use the MIT License available at https://opensource.org/licenses/MIT. Otherwise, no other license than those listed here may be used without approval from the Governing Board.]
- Software source code
- Apache License, Version 2.0, available at https://www.apache.org/licenses/LICENSE-2.0;
- Data
- Any of the Community Data License Agreements, available at https://www.cdla.io;
- Specifications
- Community Specification License, Version 1.0, available at https://github.com/CommunitySpecification/1.0
- All other Documentation
- Creative Commons Attribution 4.0 International License, available at https://creativecommons.org/licenses/by/4.0/
Antitrust Policy Notice
Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.
Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.