From 3365b3f5abb5479d9ce86d905b34cc4dc2333bf2 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Tue, 5 Nov 2024 12:16:43 -0500 Subject: [PATCH 1/9] Create 2024-Q4-VULN-WG.md Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- .../2024/TI-reports/2024/2024-Q4-VULN-WG.md | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md new file mode 100644 index 00000000..0acc58d9 --- /dev/null +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md 
@@ -0,0 +1,73 @@ +# 2024 Q4 Vulnerability Disclosure WG + + +## Overview +The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by helping develop and advocate well-managed vulnerability reporting and communication. We serve open source maintainers and developers, assist security researchers, and help downstream open source software consumers. + +The Vulnerability Disclosure Working group is officially a [Graduated-level](https://github.com/ossf/tac/blob/main/process/working-group-lifecycle.md) working group within the OpenSSF > + + + + +### Key Resources +- Coordinatd Vulnerability Disclosure (CVD) Guides [link](https://github.com/ossf/oss-vulnerability-guide) +- Tabletop Exercise Resources [link](https://github.com/ossf/wg-vulnerability-disclosures/tree/main/docs/TTX) +- Open Source Vulnerability (OSV) schema) [link](https://github.com/ossf/osv-schema) +- OpenVEX schema & tools [link](https://github.com/ossf/OpenVEX) +- Guide for Open Source Projects to become a CNA [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/guides/becoming-a-cna-as-an-open-source-org-or-project.md) +- SIREN Mailing List [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/SIREN/siren-FAQ.md) + +### Sub-groups +- OpenVEX SIG - [link](https://github.com/ossf/OpenVEX) + + + +### Leads +- WG - Madison Oliver (Github) & CRob (OpenSSF) +- OpenVEX - Puerco (Stacklock) +- OSV - Adrew Pollock (Google) + +## Activity +### General Working Group Activities +- Preparation for abstracts for 2025 VulnCon conference - https://www.first.org/conference/vulncon2025/cfp +- Discussion on adoption of Advise software - https://github.com/ossf/wg-vulnerability-disclosures/issues/152 +- VEX discussions + + +### CVD Guides +#### Purpose +- Best practices guides forcused on assorted OSS personas explaining how to have more effective coorindated vulnerability disclosure processes. 
+#### Current Status +- nothing at this time +#### Up Next +- Planning on creating CVD Guide for OSS Consumers document Q4/Q12025 + +### Tabletop Exercises +#### Purpose +- To share best practices on how to plan and run effective cybersecurity tabletop exercises and conducting mock disasters. +#### Current Status +- Ran our TTX at OSS-JP SOSS Community Day +#### Up Next +- + +### OpenVEX +#### Purpose +- A group dedicated to the transparent sharing of vulnerability data through open formats, like VEX, so that participatants throughout the open source software supply chain have clear signals and better understanding of the impact of security vulnerabilities to the software and components they produce, depend upon, consumer, and deliver. +#### Current Status +- +#### Up Next +- + +### OSV +#### Purpose +- The OSV schema provides a human and machine readable data format to describe vulnerabilities in a way that precisely maps to open source package versions or commit hashes. +#### Current Status +- +#### Up Next +- + + + +## Previous Updates +[June 2024](https://docs.google.com/presentation/d/1hW_Zp46xBoCRsOUtNM8EUwTQpnDU9MssoE0JEqvkkZg/) +[Mar 2024](https://docs.google.com/presentation/d/1uSVAdO0QN8KItM_0sYcwsoNiKytM1Sa0effEPL_fNaw) From c5e56ea15c7eb4ba2c3ccdd3fbcdebc8c18dcced Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:28:23 -0500 Subject: [PATCH 2/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Andrew Pollock Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index 0acc58d9..e57e6679 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md 
@@ -10,7 +10,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt ### Key Resources -- Coordinatd Vulnerability Disclosure (CVD) Guides [link](https://github.com/ossf/oss-vulnerability-guide) +- Coordinated Vulnerability Disclosure (CVD) Guides [link](https://github.com/ossf/oss-vulnerability-guide) - Tabletop Exercise Resources [link](https://github.com/ossf/wg-vulnerability-disclosures/tree/main/docs/TTX) - Open Source Vulnerability (OSV) schema) [link](https://github.com/ossf/osv-schema) - OpenVEX schema & tools [link](https://github.com/ossf/OpenVEX) From 1ee073d6bf954da1113f0922ff54e18780ba9d0b Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:28:31 -0500 Subject: [PATCH 3/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Andrew Pollock Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index e57e6679..cdfabf0c 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md @@ -25,7 +25,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt ### Leads - WG - Madison Oliver (Github) & CRob (OpenSSF) - OpenVEX - Puerco (Stacklock) -- OSV - Adrew Pollock (Google) +- OSV - Oliver Chang (Google) ## Activity ### General Working Group Activities From 3171666b73ebdbeb0d1e6a5ff419a66b665baf4c Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:28:36 -0500 Subject: [PATCH 4/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Andrew Pollock 
Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index cdfabf0c..7e3d8257 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md @@ -36,7 +36,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt ### CVD Guides #### Purpose -- Best practices guides forcused on assorted OSS personas explaining how to have more effective coorindated vulnerability disclosure processes. +- Best practices guides focused on assorted OSS personas explaining how to have more effective coordinated vulnerability disclosure processes. #### Current Status - nothing at this time #### Up Next From af75b2e50c40d58183e605657f243f472cafb877 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 11 Nov 2024 13:28:47 -0500 Subject: [PATCH 5/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Madison Oliver Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index 7e3d8257..2f8d486f 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md 
@@ -12,7 +12,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt ### Key Resources - Coordinated Vulnerability Disclosure (CVD) Guides [link](https://github.com/ossf/oss-vulnerability-guide) - Tabletop Exercise Resources [link](https://github.com/ossf/wg-vulnerability-disclosures/tree/main/docs/TTX) -- Open Source Vulnerability (OSV) schema) [link](https://github.com/ossf/osv-schema) +- Open Source Vulnerability (OSV) schema [link](https://github.com/ossf/osv-schema) - OpenVEX schema & tools [link](https://github.com/ossf/OpenVEX) - Guide for Open Source Projects to become a CNA [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/guides/becoming-a-cna-as-an-open-source-org-or-project.md) - SIREN Mailing List [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/SIREN/siren-FAQ.md) From 9b2a713631ecdccc11058b23f6a4bd332ca9ddbe Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:27:49 -0500 Subject: [PATCH 6/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Arnaud J Le Hors Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index 2f8d486f..0213d64b 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md 
@@ -10,12 +10,12 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt ### Key Resources -- Coordinated Vulnerability Disclosure (CVD) Guides [link](https://github.com/ossf/oss-vulnerability-guide) -- Tabletop Exercise Resources [link](https://github.com/ossf/wg-vulnerability-disclosures/tree/main/docs/TTX) -- Open Source Vulnerability (OSV) schema [link](https://github.com/ossf/osv-schema) -- OpenVEX schema & tools [link](https://github.com/ossf/OpenVEX) -- Guide for Open Source Projects to become a CNA [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/guides/becoming-a-cna-as-an-open-source-org-or-project.md) -- SIREN Mailing List [link](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/SIREN/siren-FAQ.md) +- [Coordinated Vulnerability Disclosure (CVD) Guides](https://github.com/ossf/oss-vulnerability-guide) +- [Tabletop Exercise Resources](https://github.com/ossf/wg-vulnerability-disclosures/tree/main/docs/TTX) +- [Open Source Vulnerability (OSV) schema](https://github.com/ossf/osv-schema) +- [OpenVEX schema & tools](https://github.com/ossf/OpenVEX) +- [Guide for Open Source Projects to become a CNA](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/guides/becoming-a-cna-as-an-open-source-org-or-project.md) +- [SIREN Mailing List](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/SIREN/siren-FAQ.md) ### Sub-groups - OpenVEX SIG - [link](https://github.com/ossf/OpenVEX) From bc079e77ca57cc840e4169c40b02c1f5a0b77e55 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Tue, 26 Nov 2024 16:27:58 -0500 Subject: [PATCH 7/9] Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md Co-authored-by: Arnaud J Le Hors Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index 0213d64b..15760ecd 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md @@ -18,7 +18,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt - [SIREN Mailing List](https://github.com/ossf/wg-vulnerability-disclosures/blob/main/docs/SIREN/siren-FAQ.md) ### Sub-groups -- OpenVEX SIG - [link](https://github.com/ossf/OpenVEX) +- [OpenVEX SIG](https://github.com/ossf/OpenVEX) From daf34b18f25492bd88830f554ef91d24233ec966 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:52:38 -0500 Subject: [PATCH 8/9] Update 2024-Q4-VULN-WG.md Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md index 15760ecd..baca2e09 100644 --- a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md +++ b/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md @@ -54,7 +54,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt #### Purpose - A group dedicated to the transparent sharing of vulnerability data through open formats, like VEX, so that participatants throughout the open source software supply chain have clear signals and better understanding of the impact of security vulnerabilities to the software and components they produce, depend upon, consumer, and deliver. #### Current Status -- +- No updates at this time #### Up Next - 
@@ -62,7 +62,7 @@ The Vulnerability Disclosure Working group is officially a [Graduated-level](htt #### Purpose - The OSV schema provides a human and machine readable data format to describe vulnerabilities in a way that precisely maps to open source package versions or commit hashes. #### Current Status -- +- No Updates at this time #### Up Next - From 9b60fdd62c9866b2465eb15ab89fe5cb77733238 Mon Sep 17 00:00:00 2001 From: Zach Steindler Date: Tue, 21 Jan 2025 10:39:11 -0500 Subject: [PATCH 9/9] Fix file path Signed-off-by: Zach Steindler --- TI-reports/2024/{TI-reports/2024 => }/2024-Q4-VULN-WG.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename TI-reports/2024/{TI-reports/2024 => }/2024-Q4-VULN-WG.md (100%) diff --git a/TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md b/TI-reports/2024/2024-Q4-VULN-WG.md similarity index 100% rename from TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md rename to TI-reports/2024/2024-Q4-VULN-WG.md
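Review bot: The new file in patch 1/9 is created at TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md, which nests TI-reports/2024 inside itself; patch 9/9 has to rename it to TI-reports/2024/2024-Q4-VULN-WG.md, so the path should simply be corrected in this commit before merge. The added body also carries several spelling errors worth fixing here rather than in follow-up one-line commits: "Coordinatd", "forcused", "coorindated", "Adrew", "participatants", and "consumer" where "consume" is meant in "produce, depend upon, consumer, and deliver"; the stray ")" in "Open Source Vulnerability (OSV) schema)" and the trailing ">" after "working group within the OpenSSF >" look like leftovers, and "Q4/Q12025" needs a space. The "Current Status" and "Up Next" entries for Tabletop Exercises, OpenVEX and OSV are empty "-" bullets; either fill them in or write "No updates at this time" so the rendered report has no dangling bullets.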
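Review bot: Patch 2/9 corrects only "Coordinatd" while the same file still contains "forcused", "coorindated" and "Adrew" outside this hunk; patches 3/9 and 4/9 fix those as separate commits, so the three typo fixes should be squashed into one (or into patch 1/9) to keep the history readable.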
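Review bot: In patch 3/9 the subject "Update TI-reports/2024/TI-reports/2024/2024-Q4-VULN-WG.md" does not say that the OSV lead is changed from Andrew Pollock to Oliver Chang; a subject such as "Correct OSV lead" would make the log searchable. In the unchanged context line "- WG - Madison Oliver (Github) & CRob (OpenSSF)", "Github" should be "GitHub".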
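Review bot: The spelling fix in patch 4/9 is correct, but the context line "- nothing at this time" under "#### Current Status" is worded and cased differently from the "No updates at this time" that patch 8/9 introduces for the other sub-groups; aligning the phrasing keeps the status lines consistent across the report.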
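Review bot: Patch 6/9 converts the Key Resources list to inline link text, but the trailing context line "- OpenVEX SIG - [link](https://github.com/ossf/OpenVEX)" under "### Sub-groups" still uses the old "[link]" suffix style; patch 7/9 converts it separately, and the two changes belong in a single commit so the two list styles never diverge in the history.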
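Review bot: In the first hunk of patch 8/9 (@@ -54,7 +54,7 @@) the added "No updates at this time" does not match the second hunk of the same commit, which adds "No Updates at this time" with a capital U; pick one casing for both. The context line in this hunk still reads "participatants ... produce, depend upon, consumer, and deliver", and the "#### Up Next" bullet directly below remains an empty "-"; since the commit already touches this section, both could be fixed here.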
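Review bot: In the second hunk of patch 8/9 (@@ -62,7 +62,7 @@) "No Updates at this time" capitalizes "Updates", unlike the OpenVEX hunk in the same commit; use the same casing in both. The "#### Up Next" entry under OSV is still an empty "-" bullet after this change.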
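Review bot: Patch 9/9 is a 100% similarity rename with no content change, so it is safe to apply, and it resolves the doubled "TI-reports/2024/TI-reports/2024/" path introduced in patch 1/9; the subject "Fix file path" would be more useful if it named the old and new paths. For a file that has not merged yet, correcting the path in patch 1/9 itself would avoid the rename entirely.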