Maybe this should link to <a href="https://openssf.org" rel="nofollow">https://openssf.org</a> or the press release (<a href="https://openssf.org/press-release/2020/08/03/technology-and-enterprise-leaders-combine-efforts-to-improve-open-source-security/" rel="nofollow">https://openssf.org/press-release/2020/08/03/technology-and-...</a>) rather than to the GitHub project?<p>Highlights from the FAQ:<p>> OpenSSF is focused on improving the security of open source software (OSS) by building a broader community with targeted initiatives and best practices. It will start with a focus on metrics, tooling, best practices, developer identity validation and vulnerability disclosures best practices.<p>> OpenSSF will be supported by Linux Foundation membership dues with targeted organization contributions to support initiatives<p>> The founding members are GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.