One of the big challenges in software security is identifying and communicating security-relevant information. Where is a project’s support lifecycle documented? Who are the security contacts? Does the development follow good security practices? OpenSSF’s new ORBIT Working Group provides a home for projects that develop and maintain interoperable resources for the identification and presentation of this type of security-relevant data.

ORBIT currently houses three projects: the Open Source Project Security Baseline, Security Insights, and Open Source Project Security Assessments. Together, this working group helps open source maintainers easily define security metadata and share it downstream in meaningful ways.