ossf
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 54 additions & 0 deletions b/‎CONTRIBUTING.md‎
Lines changed: 54 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 4 additions & 4 deletions b/‎README.md‎
Lines changed: 4 additions & 4 deletions
@@ -0,0 +1,54 @@
+# Contributing to the OpenSSF Best Practices for Open Source Developers Working Group
+
+Welcome! We're excited that you're interested in contributing to the Best Practices for Open Source Developers Working Group. We aim to create a supportive, inclusive environment where everyone can thrive and make meaningful contributions.
+
+## How to Connect with Us
+
+- **Public Calendar:** Stay informed about our meetings, events, and activities by checking our [public calendar](https://openssf.org/calendar/).
+
+- **Slack Channel:** Join the conversation on our #wg-best-practices-ossdev [OpenSSF Slack channel](https://openssf.slack.com/archives/C01AHCRP8BT). This is the best place to ask questions, share ideas, and collaborate.
+
+## How to Contribute
+
+We value all contributions, from improving documentation to participating in discussions and developing new initiatives. Here’s how you can get started:
+
+### 1. Participate in Discussions
+
+- Join our #wg-best-practices-ossdev channel via the [OpenSSF Slack channel](https://openssf.slack.com/archives/C01AHCRP8BT).
+
+- Attend working group meetings listed on the public calendar.
+
+### 2. Report Issues or Suggest Enhancements
+
+- Use the [GitHub Issues](https://github.com/ossf/wg-best-practices-os-developers/issues) tab to report problems or suggest ideas.
+- Follow our issue template to provide clear and detailed information.
+
+### 3. Submit Pull Requests
+
+- Fork the repository.
+- Create a feature branch (`git checkout -b feature/your-feature-name`).
+- Commit changes (`git commit -m 'Add your message here'`).
+- See here for more information on [signing your commit](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits).
+- Push your branch (`git push origin feature/your-feature-name`).
+- Open a Pull Request (PR) with a detailed description.
+
+### 4. Review Process
+
+- All PRs are reviewed by maintainers.
+- Ensure your PR is well-documented and follows project guidelines.
+- Be open to feedback and ready to make improvements.
+- Don't hesitate to post a reminder if you didn't get any feedback after some time, e.g. two weeks.
+
+## Code of Conduct
+
+We are committed to maintaining a welcoming, inclusive, and respectful environment. Please read and follow our [Code of Conduct](https://github.com/ossf/wg-best-practices-os-developers/blob/main/code-of-conduct.md) to ensure a positive experience for everyone.
+
+## Community Expectations
+
+- **Be Respectful:** Value each other's ideas and contributions.
+- **Be Collaborative:** Work together to solve problems and build new initiatives.
+- **Be Open:** Share your knowledge and be open to learning from others.
+
+We’re excited to collaborate with you and appreciate your support in advancing open source cybersecurity!
+
+For any questions or additional guidance, contact us through Slack or during our working group meetings.
@@ -76,18 +76,18 @@ Our work is organized into several discrete-yet-related projects that help us ac
 
 | Effort                  |     Description           |       Git Repo        | Slack Channel | Mailing List |
 | ------------------      | ------------------------  |  -------------------  |  -----------  |  ----------  |
-| Best Practices Guides   | Longer reference documents on implementing specific secure techniques   | - [Compiler Annotations for C and C++ (incubating)](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.html), </p> - [Compiler Options Hardening Guide for C and C++](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++), </p> - [Existing Guidelines for Developing and Distributing Secure Software](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Existing%20Guidelines%20for%20Developing%20and%20Distributing%20Secure%20Software.md), </p> - [Package Manager Best Practices (incubating)](https://github.com/ossf/package-manager-best-practices), </p> - [npm Best Practices Guide](https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md), </p> - [Source Code Management Platform Configuration Best Practices](docs/SCM-BestPractices/README.md), </p> - [Secure Coding Guide for Python](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python), | - [#wg-best-practices-compilers](https://openssf.slack.com/archives/C07LH7RH8MT), </p> - [#wg-best-practices-scm](https://openssf.slack.com/archives/C058EC1EZ5Y) | |
-|  Concise Guides SIGs   |  Quick Guidance around Open Source Software Develpment Good Practices | - [Concise Guide for Developing More Secure Software](https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software), </p> - [Concise Guide for Evaluating Open Source Software](https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software) |  | [Mailing List](https://lists.openssf.org/g/openssf-wg-best-practices) |
+| Best Practices Guides   | Longer reference documents on implementing specific secure techniques   | - [Compiler Annotations for C and C++ (incubating)](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.html), </p> - [Compiler Options Hardening Guide for C and C++](https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++), </p> - [Existing Guidelines for Developing and Distributing Secure Software](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Existing%20Guidelines%20for%20Developing%20and%20Distributing%20Secure%20Software.md), </p> - [Package Manager Best Practices (archived)](https://github.com/ossf/package-manager-best-practices), </p> - [npm Best Practices Guide](https://github.com/ossf/package-manager-best-practices/blob/main/published/npm.md), </p> - [Source Code Management Platform Configuration Best Practices](docs/SCM-BestPractices/README.md), </p> - [Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers](https://best.openssf.org/CRA-Brief-Guide-for-OSS-Developers). </p> - [Secure Coding Guide for Python](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python), </p> - [Security Focused Guide for AI Code Assistant Instructions](https://best.openssf.org/Security-Focused-Guide-for-AI-Code-Assistant-Instructions), </p>| - [#wg-best-practices-compilers](https://openssf.slack.com/archives/C07LH7RH8MT), </p> - [#wg-best-practices-scm](https://openssf.slack.com/archives/C058EC1EZ5Y) | |
+|  Concise Guides SIGs   |  Quick Guidance around Open Source Software Development Good Practices | - [Concise Guide for Developing More Secure Software](https://best.openssf.org/Concise-Guide-for-Developing-More-Secure-Software), </p> - [Concise Guide for Evaluating Open Source Software](https://best.openssf.org/Concise-Guide-for-Evaluating-Open-Source-Software) |  | [Mailing List](https://lists.openssf.org/g/openssf-wg-best-practices) |
 | Education SIG - (incubating) | To provide industry standard secure software development training materials that will educate learners of all levels and backgrounds on how to create, compose, deploy, and maintain software securely using best practices in cyber and application security. | [EDU.SIG](https://github.com/ossf/education/) (course links are there) | [stream-01-security-education](https://openssf.slack.com/archives/C03FW3YGXH9)  |  [Mailing List](https://lists.openssf.org/g/openssf-sig-education)  |
 |[OpenSSF Best Practices Badge - formerly CII Best Practices badge](https://www.bestpractices.dev/) | Identifies FLOSS best practices & implements a badging system for those practices, | [best-practices-badge](https://github.com/coreinfrastructure/best-practices-badge) | | |
 | [OpenSSF Scorecard](https://scorecard.dev/) | Automate analysis on the security posture of open source projects | [OpenSSF Scorecard](https://github.com/ossf/scorecard) | [#scorecard](https://openssf.slack.com/archives/C0235AR8N2C) | [Contribute!](https://github.com/ossf/scorecard?tab=readme-ov-file#contribute) |
 | [OpenSSF Scorecard — Allstar](https://github.com/ossf/allstar) | Monitors GitHub organizations or repositories for adherence to security best practices | [Allstar](https://github.com/ossf/allstar) | [#allstar](https://openssf.slack.com/archives/C02UQ2RL0HM) | [Contribute!](https://github.com/ossf/scorecard?tab=readme-ov-file#contribute) |
-| [OpenSSF Security Baseline](https://github.com/ossf/security-baseline) | Provide avenue for particpants to help evolve the OpenSSF security baseline into a security baseline that can be applied to a broad range of software-based projects |[OpenSSF Security Baseline](https://github.com/ossf/security-baseline) | [#sig-security-baseline](https://app.slack.com/client/T019QHUBYQ3/C07DC6TT2QY) | [Mailing List](https://lists.openssf.org/g/openssf-sig-security-baseline) |
+| [OpenSSF Security Baseline](https://github.com/ossf/security-baseline) | Provide avenue for participants to help evolve the OpenSSF security baseline into a security baseline that can be applied to a broad range of software-based projects |[OpenSSF Security Baseline](https://github.com/ossf/security-baseline) | [#sig-security-baseline](https://app.slack.com/client/T019QHUBYQ3/C07DC6TT2QY) | [Mailing List](https://lists.openssf.org/g/openssf-sig-security-baseline) |
 | [Secure Software Development Fundamentals - online course](https://openssf.org/training/courses/)  |Teach software developers fundamentals of developing secure software  | [GitHub](https://github.com/ossf/secure-sw-dev-fundamentals) | | |
 | Memory Safety SIG | The Memory Safety SIG is a group working within the OpenSSF's Best Practices Working Group formed to advance and deliver upon The OpenSSF's Mobilization Plan - Stream 4.   |[Git Repo](https://github.com/ossf/Memory-Safety) | [Slack](https://openssf.slack.com/archives/C03G8NZH58R) | [Mailing List](https://lists.openssf.org/g/openssf-sig-memory-safety) |
 |  The Security Toolbelt | Assemble a “sterling” collection of capabilities (**software frameworks, specifications, and human and automated processes**) that work together to **automatically list, scan, remediate, and secure the components flowing through the software supply chain** that come together as software is written, built, deployed, consumed, and maintained. Each piece of the collection will represent an **interoperable** link in that supply chain, enabling adaptation and integration into the major upstream language toolchains, developer environments, and CI/CD systems. | [Security Toolbelt](https://github.com/ossf/toolbelt) | [security-toolbelt](https://openssf.slack.com/archives/C057BN7K19B) | [Mailing List]([email protected]) |
 | Python Hardening Guide SIG | A group working to document a secure coding guide for python and associates code examples | [Git Repo](https://github.com/ossf/wg-best-practices-os-developers/tree/main/docs/Secure-Coding-Guide-for-Python) | [#secure-coding-guide-for-python](https://openssf.slack.com/archives/C07LH7RH8MT) |  |
-| Web Developer Security Guidelines | A group working on security guidelines specifc to web developers. This work is happening in the W3C SWAG Community Group in coordination with the OpenSSF Best Practices working group. (W3C communith groups are open to any participant.) | [SWAG home page](https://www.w3.org/community/swag/) [Git Repo](https://github.com/w3c-cg/swag) | [#swag-cg on the W3C Community Slack](https://w3ccommunity.slack.com/archives/C079JKV32RX) |  |
+| Web Developer Security Guidelines | A group working on security guidelines specific to web developers. This work is happening in the W3C SWAG Community Group in coordination with the OpenSSF Best Practices working group. (W3C communith groups are open to any participant.) | [SWAG home page](https://www.w3.org/community/swag/) [Git Repo](https://github.com/w3c-cg/swag) | [#swag-cg on the W3C Community Slack](https://w3ccommunity.slack.com/archives/C079JKV32RX) |  |
 
 ## Related resources