Dubbed OpenSSF Siren, the threat intelligence sharing group aims to 'aggregate and disseminate threat intelligence' to provide real-time security warning bulletins and deliver a community-driven knowledge base.
The goal of SIREN is to complement and augment existing channels of information, such as project blogs and advisories and critical mailing lists such as the oss-security for broader audiences.
Among the items OpenSSF hopes will be shared on Siren are tactics, techniques, and procedures being used by those who attack open source software, plus indicators of compromise associated with recent incidents.
The Foundation doesn't intend Siren to be a place to disclose new flaws, instead intending it to serve as a 'post-disclosure means of keeping the community informed of threats and activities after the initial sharing and coordination.'
[
add
]
[
|
|
...
]