From 29991611deae181cb5d3760b10947e4d297e76a8 Mon Sep 17 00:00:00 2001 From: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> Date: Mon, 2 Mar 2026 11:25:26 -0500 Subject: [PATCH 1/6] Add 2026 Q1 BEAR WG report This document outlines the activities, progress, and plans of the BEAR Working Group for Q1 2026, including community engagement, mentorship programs, and strategic initiatives. Signed-off-by: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> --- TI-reports/2026/2026-Q1-BEAR-WG.md | 111 +++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 TI-reports/2026/2026-Q1-BEAR-WG.md diff --git a/TI-reports/2026/2026-Q1-BEAR-WG.md b/TI-reports/2026/2026-Q1-BEAR-WG.md new file mode 100644 index 00000000..455b2288 --- /dev/null +++ b/TI-reports/2026/2026-Q1-BEAR-WG.md @@ -0,0 +1,111 @@ +Q4 Link: https://github.com/ossf/tac/blob/main/TI-reports/2025/2025-Q4-BEST-WG.md +# 2026 Q1 BEAR WG + +*Chairs* : [Marcela Melara](https://github.com/marcelamelara), [Yesenia Yser](https://github.com/Cyber-JiuJiteria) and [Jay White](https://github.com/camaleon2016) + +## Overview +The BEAR WG continues our mission to increase representation and strengthen the overall effectiveness of the cybersecurity workforce. The WG continues to see relatively low regular attendance in meetings (5 attendees on avg), we are seeing increased engagement on Slack. + +Over the past quarter, we've made progress in these areas: +* We hosted two Welcome calls - OpenSSF & its ecosystem in January and AI/ML working group on Feb 26. The January welcome call has been used for new members that have introduced themselves in the general channel as a starting point for their journey. +* Part [three](https://openssf.org/blog/2025/12/12/from-beginner-to-builder-free-openssf-and-linux-foundation-education-courses/) of the 3-pt series blog has been released. Written by Sal Kimmich and Ejiro Oghenekome called “From Beginner to Builder:Your First Code Contribution“ +* Based on the efforts of our welcome call (shown above) and the Beginner to Contributor blogs, we began noticing more folks are referring to these resources when someone mentions on the general channel that they are new. +* OSSAfrica is officially a SIG under the BEAR working group! +* Wrote an OpenSSF guest blog post highlighting OSSAfrica’s formation, vision and mission ([link](https://openssf.org/blog/2026/01/22/strengthening-open-source-security-through-community-introducing-ossafrica/)) +* CTI ([Computing Talent Initiative](https://computingtalentinitiative.org/)) is working with the BEAR group to start content tutorials on how to onboard OSS projects starting with OpenBao. +* Started Summer 2026 Mentorship Program with 4+ projects, doubling the number of projects since last year! +* Due to lack of attendance and volunteers, we will shelve the [Tip of the Months](https://docs.google.com/document/d/1b_lhG_M0N9ExltfGOQebldnVCbGTzwx5aR-8itqfEAs/edit?tab=t.0#heading=h.639rwkkwm4ka) effort on collaborating with the working groups for quotes and links to their projects. +* Our next Welcome Call on March 26 will introduce the Global Cyber Policy WG, bringing awareness to the efforts from the working group. + +## Community Office Hours +### Purpose +Our Community Welcome Calls are a monthly event in which we highlight maintainers and/or contributors from open source projects working groups to talk about their project. The goal is to allow for information sharing for new members to understand the project, current efforts, where the project needs help, and how to connect. Each month, we aim to host diverse projects to help spread the awareness of our OSS projects. +### Current Status +We have changed direction from Office Hours to Welcome calls from Nov 2025 to this year. We had a dwindling attendance to the Office Hours and wanted to provide useful resources to the OpenSSF project for their onboarding projects, while also sharing the voices and journey of our community: +* November 13 2025: Open Source & Security Africa Overview & Updates ([YouTube](https://youtu.be/Foggp8Gm5mc?si=AlZkrYHS6u1uuqWm)) +* January 29 2026: Welcome Call: OpenSSF & it’s ecosystem ([YouTube](https://youtu.be/IG5mS-XSSfA?si=zVLi_GqhA4isRwie)) +* February 26 2026: Welcome Call: AI/ML working group ([YouTube](https://youtu.be/eVdB4EqRVf4?si=Eq3oBv10TzEgPlIM)) + +### Up Next + +In the remainder of Q1 2026, we are planning the following Community Welcome Calls: +* March 26: Global Cyber Policy Working Group +* April: BEAR Working Group +* May: ORBIT Working Group + +## Panel Discussions at Major Conferences +### Purpose +Members of the OpenSSF BEAR WG community host panel discussions at major industry conferences to raise awareness about the WG and to engage with folks beyond the OpenSSF. A primary goal of the discussions is for panelists to share their experiences and advice for newcomers to the OSS and cybersecurity space. +### Current Status +BEAR working group’s panel called “BEAR-ing Fruit: A Year of Learning, Mentorship, and Community Building in Open Source Security” was accepted at OpenSSF Community Day. We are waiting to hear back from OSSNA. + +## Open Source & Security Africa (OSSAfrica) SIG +### Purpose +The mission of BEAR is to foster a more diverse and inclusive cybersecurity workforce by implementing strategies to increase representation and enhance effectiveness through advocacy, collaboration, and tailored initiatives. Our biggest contributors for this working group have come from communities in Africa seeking to expand OpenSSF and OSS into their communities, making this more accessible and aware to their colleagues. +### Overview +Following its approval as a Special Interest Group under the OpenSSF BEAR Working Group, OSSAfrica has focused on establishing a strong operational community foundation. Our efforts this quarter prioritized initial setup, community alignment, and positioning OSSAfrica for sustainable execution and growth. + +### Key Accomplishments + +#### 1. SIG Formation and Alignment + +* Successfully approved and onboarded as an official OpenSSF SIG under the BEAR Working Group +* Established a working relationship with BEAR WG leads, OpenSSF Operations, and OpenSSF Marketing +* Initiated recurring public OSSAfrica SIG meetings (weekly cadence) + +#### 2. Community Infrastructure + +* Launched OSSAfrica’s community platforms: +* Created a public Discord server for collaboration and onboarding +* We created the OSSAfrica SIG slack channel with aid of OpenSSF Operations team +* Designed initial set of brand assets and +* We are actively developing the OSSAfrica website +* GitHub organization for documentation, governance, and project work +* Created linkedIn and other social media pages for outreach and visibility + +#### 3. Ecosystem Engagement and Visibility + +* Wrote an OpenSSF guest blog post highlighting OSSAfrica’s formation, vision and mission +* Community members, Prince and Ejiro, spoke on OpenSSF Whats In The Source podcast mentioning OSSAfrica as an emerging community +* Initiated collaboration and relationship-building with existing tech communities across Africa +* Coordinated with OpenSSF Operations and Marketing for guidance on branding, calendar integration, and SIG setup best practices + +#### 4. Planning and Strategic Alignment + +* Conducted initial roadmap discussions and prioritization exercises +* Began aligning SIG activities around realistic capacity, impact, and traction +* Initiated review and prioritization of conferences, events, and speaking opportunities for the year to ensure focused external engagement + +### Current Focus Areas +* We have a core team of 10+ active community members who have come together to coordinate their efforts in OSSAfrica expansion. +* Hosting both virtual and In-person events to bring awareness to OpenSSF and OSSAfrica initiatives +* The members have been meeting weekly and are working on establishing a partnership with the following communities: Codetopia Community, CyberStorm Mauritius, CodeRoots Africa, and Afro Tech Adventurers to foster open source awareness and external collaboration. +* Strengthening contributor onboarding and participation pathways. +* Expanding partnerships with African and global open source communities +* Increasing OSSAfrica’s visibility and representation within OpenSSF initiatives + +### OSSAfrica Up Next +We have also started discussions about OpenSSF sponsorship and participation in [OSCAFEST](https://festival.oscafrica.org/) or [AfricaCyberFest](https://africacyberfest.com/) in 2026. The WG plans to prepare CFP submission at one or both of these conferences as well. + +## 2026 WG Roadmap Planning +While we've gotten positive feedback about the current meetings the BEAR WG hosts, we hope to continue hosting OpenSSF Welcome Calls to highlight OpenSSF projects and establish more community-specific Slack channels in 2026. The team has also kicked off funding request to the TAC to fund 8 mentees for the Summer LF mentorship project to work with 4 confirmed OSS projects. + +### Summer ‘26 Mentorship +Hands-on experience and contributions to OSS projects are a major advantage for obtaining a job in SWE and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way to offer these experiences and opportunities. We will like to fund 8 mentees (double the number of mentees from last year). We have two repeat projects – RSTUF and gittuf – with returning mentees as mentors. + +Current Participating Projects: RSTUF, gittuf, SBOMit, Minder + +### CTI Tutorials +CTI ([Computing Talent Initiative](https://computingtalentinitiative.org/)) is working with the BEAR group to start content tutorials on how to onboard OSS projects starting with OpenBao. The initiative includes onboarding documents from presentation, video tutorials, and additional getting involved links that can become a playbook for OSS projects and provided to OSS projects as a way to help newcomers understand the projects. + +### Funding requests +We are not planning to submit any funding requests to the TAC in Q2. We thank the TAC for supporting the second iteration of the Summer Mentorship program! + +## Questions/Issues for the TAC + +For our BEAR office hours, we welcome suggestions on topics and speakers for next year, guidance and advice for the Open Source & Security Africa group, as well as your continuous support and event sharing of the BEAR working group activities. + +## Additional Information + +As our final remark, the BEAR co-leads, Marcela and Yesenia, are growing their families and having their very own cubs this summer. We welcome assistance in finding interim co-leads as we get the newest additions to the OpenSSF community onboarded as their own project maintainers. + From 213de51d6ca25d573180f497c5cda32be1603331 Mon Sep 17 00:00:00 2001 From: Marcela Melara Date: Mon, 16 Mar 2026 18:36:16 -0700 Subject: [PATCH 2/6] Apply suggestions from code review Co-authored-by: Marcela Melara Signed-off-by: Marcela Melara --- TI-reports/2026/2026-Q1-BEAR-WG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TI-reports/2026/2026-Q1-BEAR-WG.md b/TI-reports/2026/2026-Q1-BEAR-WG.md index 455b2288..d5e65204 100644 --- a/TI-reports/2026/2026-Q1-BEAR-WG.md +++ b/TI-reports/2026/2026-Q1-BEAR-WG.md @@ -8,7 +8,7 @@ The BEAR WG continues our mission to increase representation and strengthen the Over the past quarter, we've made progress in these areas: * We hosted two Welcome calls - OpenSSF & its ecosystem in January and AI/ML working group on Feb 26. The January welcome call has been used for new members that have introduced themselves in the general channel as a starting point for their journey. -* Part [three](https://openssf.org/blog/2025/12/12/from-beginner-to-builder-free-openssf-and-linux-foundation-education-courses/) of the 3-pt series blog has been released. Written by Sal Kimmich and Ejiro Oghenekome called “From Beginner to Builder:Your First Code Contribution“ +* Part [three](https://openssf.org/blog/2025/12/12/from-beginner-to-builder-free-openssf-and-linux-foundation-education-courses/) of the 3-pt series blog has been released. Written by Sal Kimmich and Ejiro Oghenekome called "From Beginner to Builder: Your First Code Contribution" * Based on the efforts of our welcome call (shown above) and the Beginner to Contributor blogs, we began noticing more folks are referring to these resources when someone mentions on the general channel that they are new. * OSSAfrica is officially a SIG under the BEAR working group! * Wrote an OpenSSF guest blog post highlighting OSSAfrica’s formation, vision and mission ([link](https://openssf.org/blog/2026/01/22/strengthening-open-source-security-through-community-introducing-ossafrica/)) @@ -103,7 +103,7 @@ We are not planning to submit any funding requests to the TAC in Q2. We thank th ## Questions/Issues for the TAC -For our BEAR office hours, we welcome suggestions on topics and speakers for next year, guidance and advice for the Open Source & Security Africa group, as well as your continuous support and event sharing of the BEAR working group activities. +For our BEAR Welcome Calls, we welcome suggestions on topics and speakers for next year, guidance and advice for the Open Source & Security Africa group, as well as your continuous support and event sharing of the BEAR working group activities. ## Additional Information From 5621df3e3cc52c4939cba462aaff61c07014bb2f Mon Sep 17 00:00:00 2001 From: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> Date: Mon, 6 Jul 2026 18:08:26 -0400 Subject: [PATCH 3/6] 2026 Q3 BEAR WG report Updated the 2026 Q3 BEAR WG report with current status, upcoming events, and changes in leadership roles. Signed-off-by: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> --- TI-reports/2026/2026-Q3-BEAR-WG.md | 100 +++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 TI-reports/2026/2026-Q3-BEAR-WG.md diff --git a/TI-reports/2026/2026-Q3-BEAR-WG.md b/TI-reports/2026/2026-Q3-BEAR-WG.md new file mode 100644 index 00000000..52b828fd --- /dev/null +++ b/TI-reports/2026/2026-Q3-BEAR-WG.md @@ -0,0 +1,100 @@ +# 2026 Q3 BEAR WG +[Q2 2026 TAC report - not yet merged](https://github.com/ossf/tac/pull/611) + +## Overview + +The BEAR WG continues our mission to increase representation and strengthen the overall effectiveness of the cybersecurity workforce. The WG continues to see relatively low regular attendance in meetings (3 attendees on avg) since moving to the new time of Wednesday at 11am ET to support the new interim co-leads. Slack engagement has also been reduced since the OpenSSF Africa left and now we are running the OpenSSF Africa SIG. +Over the past quarter, we've made progress in these areas: +* No Welcome calls have been hosted since March 26. We have July-Sept planned out with confirmed groups. +* Summer 2026 mentorship program is in full swing with mentee evaluations due on July 10. +* OSSAfrica SIG has been rebranded to OpenSSF Africa SIG with 3 co-leads, Ejiro, Ijeoma, and Harmony marching forward to support. +* Interim co-leads, Sal and Ejiro, have started to assist and collaborate towards OpenSSF Africa SIG. +* Major strides have been accomplished by the OpenSSF Africa SIG with various proposal, blog series and workshops ideas, and a blog post from their experience in AfricaCyberFest, pending Marketing review +* OpenSSF Africa working towards a sponsored spot at the KCDNigeria conference. + +## Welcome Calls +### Purpose +Our Welcome Calls are a monthly event in which we highlight maintainers and/or contributors from OpenSSF Projects or working groups to talk about their initiative. The goal is to allow for information sharing for new members to understand the initiative, current efforts, where the TI needs help, and how to connect. Each month, we aim to host diverse TIs to help spread the awareness of OpenSSF WGs and Projects. +### Current Status +We have unfortunately been unable to engage with other working groups interested in participating in the Welcome Calls from April-June. As the calls have been conflicting with conference dates and other priorities. +### Up Next +Below is our current schedule for the upcoming Welcome Calls with agreed OpenSSF WGs and Projects. + +* July 23 - OpenSSF Africa +* August 27 - Summer Mentorship Showcase +* Sept 24 - DevRel + +We will continue to look for groups to participate in October and November. +## OpenSSF Mentorship Program +### Purpose +Hands-on experience and contributions to OSS projects are a major advantage for obtaining a job in SWE and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. The OpenSSF Mentorship Program (via LFX) offers these experiences and opportunities to students and individuals from underrepresented groups to boost the skills they need to enter the cybersecurity workforce, and to OpenSSF project maintainers wishing to grow their community by mentoring rising developers. +### Current Status +* We are aiming towards the half-way mark with the Mentorship and still hosting 8 mentees. +* Mentee evaluations are underway with mentors having a deadline of July 10 to complete the evaluation. +* Sal and Ejiro have been granted access to the mentorship channel to support and coordinate the August Welcome Call. +### Up Next +* Mentorship to run June 1-August 21 (12 weeks) +* Mentees will showcase their projects during the August Welcome Call (coordinated by Sal and Ejiro) +* Kate and Yesenia will follow up while Marcela is out June-August. +* Kate will support once Yesenia is out in August. +## Conference Participation +### Purpose +Members of the OpenSSF BEAR WG community present talks and panel discussions at major industry conferences to raise awareness about the WG and to engage with folks beyond the OpenSSF. A primary goal of the talks and panels is to share their experiences and advice for newcomers to the OSS and cybersecurity space. +### Current Status +We had two talks accepted at OSS NA + OpenSSF Community Day, presented by Marcela: +* OSSNA: BEAR-ing Fruit: How OpenSSF’s Working Group Is Diversifying Open Source Security +* OpenSSF Keynote: BEAR-ing Fruit: A Year of Learning, Mentorship, and Community Building in Open Source Security +* As well as hosted a BEAR Lunch Meetup on Wednesday during OSS NA. + +OpenSSF Africa +* held a booth at AfricaCyberFest and presented their talk during the conference about OSS in Africa. +* Working towards a sponsorship package with the Kubernetes Community Day (KCD) in Nigeria in Oct 2026 - goal is to get a booth, speaker slot, and community shout out. +* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) + +DevRel +* Spoke at and attended the OSSNA and UN Open Source Week + + +### Up Next +Most conference participation for the remainder of the year will flow through the OpenSSF Africa and DelRev SIGs. We will revisit conferences in the later part of 2026 and early 2027. +## OpenSSF Africa SIG +### Purpose +The SIG is dedicated to fostering collaboration, education, and innovation in open source software and cybersecurity throughout Africa. Our goal is to empower African developers, security professionals, and enthusiasts to contribute to and benefit from the global open source ecosystem. +### Current Status +Throughout Q3, the SIG: +* SIG was rebranded as OpenSSF Africa SIG, after initial SIG leads left. +* New co-leads are all from Nigeria region: Ejiro, Ijeoma, and Harmony. +* Team has worked together to generate the following proposals and strategy for the next steps of OpenSSF Africa + * MSVR Strategy proposal for OpenSSF Africa structure + * Research proposal to uncover missing gaps and information about OSS in Africa + * This has been shared with David Wheeler and we are looking at reaching out to other organizations to help fund the research +* Blog post in draft and to be reviewed by Marketing for their involvement with Africa CyberFest +* KCD Nigeria - Harmony is working with the conference committee to negotiate a sponsorship award that will grant OpenSSF Africa a booth, speaker slot, social media shoutout, breakout session, and potentially a hackathon. Working with Stacey on budgets and negotiation ask. +### Up Next +* Generate a blog series of the various OpenSSF projects - targeting exposure to several Africa regions including Nigeria and Gambia +* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) + +## DevRel SIG +### Purpose +Demonstrate the value proposition of making developer's lives easier and reduce perceived workload of OpenSSF +* Increase community engagement with OpenSSF Technical Initiatives and Events. +* Increase awareness and visibility of OpenSSF, its projects, tools, initiatives. +* Increase non-member contributions / participation +* Increase adoption + +### Current Status + +* Two sessions from DevRel community members (Katherine Druckman (JetBrains), Stacey Potter (OpenSSF), Tabatha DiDomenico (G-Research), Kadi McKean (ReversingLabs)) at cdCon (May 18–20, Minneapolis), both Room 200C, Tuesday May 19: +* Bring Your Lunch, We'll Bring Our Notebooks: Securing Software Workflows — 12:45pm CDT — Open-floor feedback session with project maintainers in the room — no slides, no pitches. +Security Things: How OpenSSF's Technical Initiatives Keep You Safe From the Upside Down! — 2:10pm CDT — Real supply chain problems mapped to OpenSSF solutions, with lightning-round demos from Working Group Leads and Project Maintainers.. +### Up Next +* DevRel community meeting July 9 11:30am ET +* They continue to work on their list of CFPs to submit for conferences +## Questions/Issues for the TAC +* Welcome Calls: We have been struggling to get responses from other WGs willing to host a Welcome Call. Would love the TAC’s help in promoting these as part of our more general community onboarding resources. +## Additional Information +* Reminder: + * Marcela has stepped away for parental leave + * Yesenia is planning to go on parental leave targeting August 14 + * With the 3 meeting gap between Yesenia leaving and Marcela returning, our goal is to keep the BEAR WGs with Ejiro and Sal serving as interim co-chairs to support the August mentorship showcase and have a channel for OpenSSF Africa to communicate through. + From 5f83dd99ddfcd6071c29e56df7bf495c86040449 Mon Sep 17 00:00:00 2001 From: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> Date: Mon, 6 Jul 2026 18:14:12 -0400 Subject: [PATCH 4/6] Delete TI-reports/2026/2026-Q3-BEAR-WG.md Signed-off-by: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> --- TI-reports/2026/2026-Q3-BEAR-WG.md | 100 ----------------------------- 1 file changed, 100 deletions(-) delete mode 100644 TI-reports/2026/2026-Q3-BEAR-WG.md diff --git a/TI-reports/2026/2026-Q3-BEAR-WG.md b/TI-reports/2026/2026-Q3-BEAR-WG.md deleted file mode 100644 index 52b828fd..00000000 --- a/TI-reports/2026/2026-Q3-BEAR-WG.md +++ /dev/null @@ -1,100 +0,0 @@ -# 2026 Q3 BEAR WG -[Q2 2026 TAC report - not yet merged](https://github.com/ossf/tac/pull/611) - -## Overview - -The BEAR WG continues our mission to increase representation and strengthen the overall effectiveness of the cybersecurity workforce. The WG continues to see relatively low regular attendance in meetings (3 attendees on avg) since moving to the new time of Wednesday at 11am ET to support the new interim co-leads. Slack engagement has also been reduced since the OpenSSF Africa left and now we are running the OpenSSF Africa SIG. -Over the past quarter, we've made progress in these areas: -* No Welcome calls have been hosted since March 26. We have July-Sept planned out with confirmed groups. -* Summer 2026 mentorship program is in full swing with mentee evaluations due on July 10. -* OSSAfrica SIG has been rebranded to OpenSSF Africa SIG with 3 co-leads, Ejiro, Ijeoma, and Harmony marching forward to support. -* Interim co-leads, Sal and Ejiro, have started to assist and collaborate towards OpenSSF Africa SIG. -* Major strides have been accomplished by the OpenSSF Africa SIG with various proposal, blog series and workshops ideas, and a blog post from their experience in AfricaCyberFest, pending Marketing review -* OpenSSF Africa working towards a sponsored spot at the KCDNigeria conference. - -## Welcome Calls -### Purpose -Our Welcome Calls are a monthly event in which we highlight maintainers and/or contributors from OpenSSF Projects or working groups to talk about their initiative. The goal is to allow for information sharing for new members to understand the initiative, current efforts, where the TI needs help, and how to connect. Each month, we aim to host diverse TIs to help spread the awareness of OpenSSF WGs and Projects. -### Current Status -We have unfortunately been unable to engage with other working groups interested in participating in the Welcome Calls from April-June. As the calls have been conflicting with conference dates and other priorities. -### Up Next -Below is our current schedule for the upcoming Welcome Calls with agreed OpenSSF WGs and Projects. - -* July 23 - OpenSSF Africa -* August 27 - Summer Mentorship Showcase -* Sept 24 - DevRel - -We will continue to look for groups to participate in October and November. -## OpenSSF Mentorship Program -### Purpose -Hands-on experience and contributions to OSS projects are a major advantage for obtaining a job in SWE and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. The OpenSSF Mentorship Program (via LFX) offers these experiences and opportunities to students and individuals from underrepresented groups to boost the skills they need to enter the cybersecurity workforce, and to OpenSSF project maintainers wishing to grow their community by mentoring rising developers. -### Current Status -* We are aiming towards the half-way mark with the Mentorship and still hosting 8 mentees. -* Mentee evaluations are underway with mentors having a deadline of July 10 to complete the evaluation. -* Sal and Ejiro have been granted access to the mentorship channel to support and coordinate the August Welcome Call. -### Up Next -* Mentorship to run June 1-August 21 (12 weeks) -* Mentees will showcase their projects during the August Welcome Call (coordinated by Sal and Ejiro) -* Kate and Yesenia will follow up while Marcela is out June-August. -* Kate will support once Yesenia is out in August. -## Conference Participation -### Purpose -Members of the OpenSSF BEAR WG community present talks and panel discussions at major industry conferences to raise awareness about the WG and to engage with folks beyond the OpenSSF. A primary goal of the talks and panels is to share their experiences and advice for newcomers to the OSS and cybersecurity space. -### Current Status -We had two talks accepted at OSS NA + OpenSSF Community Day, presented by Marcela: -* OSSNA: BEAR-ing Fruit: How OpenSSF’s Working Group Is Diversifying Open Source Security -* OpenSSF Keynote: BEAR-ing Fruit: A Year of Learning, Mentorship, and Community Building in Open Source Security -* As well as hosted a BEAR Lunch Meetup on Wednesday during OSS NA. - -OpenSSF Africa -* held a booth at AfricaCyberFest and presented their talk during the conference about OSS in Africa. -* Working towards a sponsorship package with the Kubernetes Community Day (KCD) in Nigeria in Oct 2026 - goal is to get a booth, speaker slot, and community shout out. -* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) - -DevRel -* Spoke at and attended the OSSNA and UN Open Source Week - - -### Up Next -Most conference participation for the remainder of the year will flow through the OpenSSF Africa and DelRev SIGs. We will revisit conferences in the later part of 2026 and early 2027. -## OpenSSF Africa SIG -### Purpose -The SIG is dedicated to fostering collaboration, education, and innovation in open source software and cybersecurity throughout Africa. Our goal is to empower African developers, security professionals, and enthusiasts to contribute to and benefit from the global open source ecosystem. -### Current Status -Throughout Q3, the SIG: -* SIG was rebranded as OpenSSF Africa SIG, after initial SIG leads left. -* New co-leads are all from Nigeria region: Ejiro, Ijeoma, and Harmony. -* Team has worked together to generate the following proposals and strategy for the next steps of OpenSSF Africa - * MSVR Strategy proposal for OpenSSF Africa structure - * Research proposal to uncover missing gaps and information about OSS in Africa - * This has been shared with David Wheeler and we are looking at reaching out to other organizations to help fund the research -* Blog post in draft and to be reviewed by Marketing for their involvement with Africa CyberFest -* KCD Nigeria - Harmony is working with the conference committee to negotiate a sponsorship award that will grant OpenSSF Africa a booth, speaker slot, social media shoutout, breakout session, and potentially a hackathon. Working with Stacey on budgets and negotiation ask. -### Up Next -* Generate a blog series of the various OpenSSF projects - targeting exposure to several Africa regions including Nigeria and Gambia -* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) - -## DevRel SIG -### Purpose -Demonstrate the value proposition of making developer's lives easier and reduce perceived workload of OpenSSF -* Increase community engagement with OpenSSF Technical Initiatives and Events. -* Increase awareness and visibility of OpenSSF, its projects, tools, initiatives. -* Increase non-member contributions / participation -* Increase adoption - -### Current Status - -* Two sessions from DevRel community members (Katherine Druckman (JetBrains), Stacey Potter (OpenSSF), Tabatha DiDomenico (G-Research), Kadi McKean (ReversingLabs)) at cdCon (May 18–20, Minneapolis), both Room 200C, Tuesday May 19: -* Bring Your Lunch, We'll Bring Our Notebooks: Securing Software Workflows — 12:45pm CDT — Open-floor feedback session with project maintainers in the room — no slides, no pitches. -Security Things: How OpenSSF's Technical Initiatives Keep You Safe From the Upside Down! — 2:10pm CDT — Real supply chain problems mapped to OpenSSF solutions, with lightning-round demos from Working Group Leads and Project Maintainers.. -### Up Next -* DevRel community meeting July 9 11:30am ET -* They continue to work on their list of CFPs to submit for conferences -## Questions/Issues for the TAC -* Welcome Calls: We have been struggling to get responses from other WGs willing to host a Welcome Call. Would love the TAC’s help in promoting these as part of our more general community onboarding resources. -## Additional Information -* Reminder: - * Marcela has stepped away for parental leave - * Yesenia is planning to go on parental leave targeting August 14 - * With the 3 meeting gap between Yesenia leaving and Marcela returning, our goal is to keep the BEAR WGs with Ejiro and Sal serving as interim co-chairs to support the August mentorship showcase and have a channel for OpenSSF Africa to communicate through. - From 3e6c4f1894244fb7cfd12d6343b2219318dc44fe Mon Sep 17 00:00:00 2001 From: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> Date: Mon, 6 Jul 2026 18:14:57 -0400 Subject: [PATCH 5/6] Add 2026 Q3 BEAR WG report This document outlines the activities and progress of the BEAR Working Group for Q3 2026, including updates on mentorship programs, conference participation, and the OpenSSF Africa SIG. Signed-off-by: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> --- TI-reports/2026/2026-Q3-BEAR-WG.md | 99 ++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 TI-reports/2026/2026-Q3-BEAR-WG.md diff --git a/TI-reports/2026/2026-Q3-BEAR-WG.md b/TI-reports/2026/2026-Q3-BEAR-WG.md new file mode 100644 index 00000000..4045118d --- /dev/null +++ b/TI-reports/2026/2026-Q3-BEAR-WG.md @@ -0,0 +1,99 @@ +# 2026 Q3 BEAR WG +[Q2 2026 TAC report - not yet merged](https://github.com/ossf/tac/pull/611) + +## Overview + +The BEAR WG continues our mission to increase representation and strengthen the overall effectiveness of the cybersecurity workforce. The WG continues to see relatively low regular attendance in meetings (3 attendees on avg) since moving to the new time of Wednesday at 11am ET to support the new interim co-leads. Slack engagement has also been reduced since the OpenSSF Africa left and now we are running the OpenSSF Africa SIG. +Over the past quarter, we've made progress in these areas: +* No Welcome calls have been hosted since March 26. We have July-Sept planned out with confirmed groups. +* Summer 2026 mentorship program is in full swing with mentee evaluations due on July 10. +* OSSAfrica SIG has been rebranded to OpenSSF Africa SIG with 3 co-leads, Ejiro, Ijeoma, and Harmony marching forward to support. +* Interim co-leads, Sal and Ejiro, have started to assist and collaborate towards OpenSSF Africa SIG. +* Major strides have been accomplished by the OpenSSF Africa SIG with various proposal, blog series and workshops ideas, and a blog post from their experience in AfricaCyberFest, pending Marketing review +* OpenSSF Africa working towards a sponsored spot at the KCDNigeria conference. + +## Welcome Calls +### Purpose +Our Welcome Calls are a monthly event in which we highlight maintainers and/or contributors from OpenSSF Projects or working groups to talk about their initiative. The goal is to allow for information sharing for new members to understand the initiative, current efforts, where the TI needs help, and how to connect. Each month, we aim to host diverse TIs to help spread the awareness of OpenSSF WGs and Projects. +### Current Status +We have unfortunately been unable to engage with other working groups interested in participating in the Welcome Calls from April-June. As the calls have been conflicting with conference dates and other priorities. +### Up Next +Below is our current schedule for the upcoming Welcome Calls with agreed OpenSSF WGs and Projects. + +* July 23 - OpenSSF Africa +* August 27 - Summer Mentorship Showcase +* Sept 24 - DevRel + +We will continue to look for groups to participate in October and November. +## OpenSSF Mentorship Program +### Purpose +Hands-on experience and contributions to OSS projects are a major advantage for obtaining a job in SWE and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. The OpenSSF Mentorship Program (via LFX) offers these experiences and opportunities to students and individuals from underrepresented groups to boost the skills they need to enter the cybersecurity workforce, and to OpenSSF project maintainers wishing to grow their community by mentoring rising developers. +### Current Status +* We are aiming towards the half-way mark with the Mentorship and still hosting 8 mentees. +* Mentee evaluations are underway with mentors having a deadline of July 10 to complete the evaluation. +* Sal and Ejiro have been granted access to the mentorship channel to support and coordinate the August Welcome Call. +### Up Next +* Mentorship to run June 1-August 21 (12 weeks) +* Mentees will showcase their projects during the August Welcome Call (coordinated by Sal and Ejiro) +* Kate and Yesenia will follow up while Marcela is out June-August. +* Kate will support once Yesenia is out in August. +## Conference Participation +### Purpose +Members of the OpenSSF BEAR WG community present talks and panel discussions at major industry conferences to raise awareness about the WG and to engage with folks beyond the OpenSSF. A primary goal of the talks and panels is to share their experiences and advice for newcomers to the OSS and cybersecurity space. +### Current Status +We had two talks accepted at OSS NA + OpenSSF Community Day, presented by Marcela: +* OSSNA: BEAR-ing Fruit: How OpenSSF’s Working Group Is Diversifying Open Source Security +* OpenSSF Keynote: BEAR-ing Fruit: A Year of Learning, Mentorship, and Community Building in Open Source Security +* As well as hosted a BEAR Lunch Meetup on Wednesday during OSS NA. + +OpenSSF Africa +* held a booth at AfricaCyberFest and presented their talk during the conference about OSS in Africa. +* Working towards a sponsorship package with the Kubernetes Community Day (KCD) in Nigeria in Oct 2026 - goal is to get a booth, speaker slot, and community shout out. +* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) + +DevRel +* Spoke at and attended the OSSNA and UN Open Source Week + + +### Up Next +Most conference participation for the remainder of the year will flow through the OpenSSF Africa and DelRev SIGs. We will revisit conferences in the later part of 2026 and early 2027. +## OpenSSF Africa SIG +### Purpose +The SIG is dedicated to fostering collaboration, education, and innovation in open source software and cybersecurity throughout Africa. Our goal is to empower African developers, security professionals, and enthusiasts to contribute to and benefit from the global open source ecosystem. +### Current Status +Throughout Q3, the SIG: +* SIG was rebranded as OpenSSF Africa SIG, after initial SIG leads left. +* New co-leads are all from Nigeria region: Ejiro, Ijeoma, and Harmony. +* Team has worked together to generate the following proposals and strategy for the next steps of OpenSSF Africa + * MSVR Strategy proposal for OpenSSF Africa structure + * Research proposal to uncover missing gaps and information about OSS in Africa + * This has been shared with David Wheeler and we are looking at reaching out to other organizations to help fund the research +* Blog post in draft and to be reviewed by Marketing for their involvement with Africa CyberFest +* KCD Nigeria - Harmony is working with the conference committee to negotiate a sponsorship award that will grant OpenSSF Africa a booth, speaker slot, social media shoutout, breakout session, and potentially a hackathon. Working with Stacey on budgets and negotiation ask. +### Up Next +* Generate a blog series of the various OpenSSF projects - targeting exposure to several Africa regions including Nigeria and Gambia +* Sal and Ejiro are working on a CFP for OpenSSF Community Day Europe (Prague) + +## DevRel SIG +### Purpose +Demonstrate the value proposition of making developer's lives easier and reduce perceived workload of OpenSSF +* Increase community engagement with OpenSSF Technical Initiatives and Events. +* Increase awareness and visibility of OpenSSF, its projects, tools, initiatives. +* Increase non-member contributions / participation +* Increase adoption + +### Current Status + +* Two sessions from DevRel community members (Katherine Druckman (JetBrains), Stacey Potter (OpenSSF), Tabatha DiDomenico (G-Research), Kadi McKean (ReversingLabs)) at cdCon (May 18–20, Minneapolis), both Room 200C, Tuesday May 19: +* Bring Your Lunch, We'll Bring Our Notebooks: Securing Software Workflows — 12:45pm CDT — Open-floor feedback session with project maintainers in the room — no slides, no pitches. +Security Things: How OpenSSF's Technical Initiatives Keep You Safe From the Upside Down! — 2:10pm CDT — Real supply chain problems mapped to OpenSSF solutions, with lightning-round demos from Working Group Leads and Project Maintainers.. +### Up Next +* DevRel community meeting July 9 11:30am ET +* They continue to work on their list of CFPs to submit for conferences +## Questions/Issues for the TAC +* Welcome Calls: We have been struggling to get responses from other WGs willing to host a Welcome Call. Would love the TAC’s help in promoting these as part of our more general community onboarding resources. +## Additional Information +* Reminder: + * Marcela has stepped away for parental leave + * Yesenia is planning to go on parental leave targeting August 14 + * With the 3 meeting gap between Yesenia leaving and Marcela returning, our goal is to keep the BEAR WGs with Ejiro and Sal serving as interim co-chairs to support the August mentorship showcase and have a channel for OpenSSF Africa to communicate through. From 94076262e7fb8640a99ffe138bd2023c8fb8e390 Mon Sep 17 00:00:00 2001 From: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> Date: Tue, 7 Jul 2026 10:56:58 -0400 Subject: [PATCH 6/6] Update DevRel conference submissions and resources Added submitted talks for upcoming conferences and details on shareable content preparation by DevRel. Signed-off-by: CyberJiuJiteira <107970777+Cyber-JiuJiteria@users.noreply.github.com> --- TI-reports/2026/2026-Q3-BEAR-WG.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/TI-reports/2026/2026-Q3-BEAR-WG.md b/TI-reports/2026/2026-Q3-BEAR-WG.md index 4045118d..a6f62497 100644 --- a/TI-reports/2026/2026-Q3-BEAR-WG.md +++ b/TI-reports/2026/2026-Q3-BEAR-WG.md @@ -89,7 +89,12 @@ Demonstrate the value proposition of making developer's lives easier and reduce Security Things: How OpenSSF's Technical Initiatives Keep You Safe From the Upside Down! — 2:10pm CDT — Real supply chain problems mapped to OpenSSF solutions, with lightning-round demos from Working Group Leads and Project Maintainers.. ### Up Next * DevRel community meeting July 9 11:30am ET -* They continue to work on their list of CFPs to submit for conferences +* DevRel has submitted talks for: + * Open Source SecurityCon NA 2026 + * Open Source Summit EU + * OpenSSF Community Day +* They're also working to prep shareable content/materials (“talks in a box” style with CFP drafts, talk outlines and slides) so the community is able to give talks on OpenSSF, WGs, TI’s/Projects. + ## Questions/Issues for the TAC * Welcome Calls: We have been struggling to get responses from other WGs willing to host a Welcome Call. Would love the TAC’s help in promoting these as part of our more general community onboarding resources. ## Additional Information