Stakeholder analysis

[hythloda]

We need to perform a stakeholder analysis is to outline the key stakeholders and their needs for the project. It is important to have a clear understanding of each stakeholder and what they are expecting from the project from the start.

[SecurityCRob]

I'll start us out, patches/comments welcome.
From my perspective we need to address the following audiences with our collective work:

• Open Source maintainers/developers/projects: need useful tools, processes, and training to do their jobs securely, with minimal friction and loss of velocity.
• The OpenSSF Membership: similar needs to maintainers, but also focus on supply chain security.
• The OpenSSF Governing Board: needs clear data and updates on foundation activities to make business decisions.
• Open Source Consumers: need tools and signals to understand and evaluate the security qualities of the software they are using and the supply chains it is created in.
• Other Open Source Foundations/Standards Bodies: needs collaboration on areas of shared interest and in the furtherance of the open source ecosystem.

[gkunz]

Additional groups could include security researchers and policy makers (OSPOs thereof).

[sevansdell]

@hythloda / @SecurityCRob where should this stakeholder analysis live? Is this a staff document, TAC process page, or something else? I recommend we post what we have to date, and iterate as needed.

[SecurityCRob]

any updates or progress on this? should we close this out due to lack of activity?

[sevansdell]

@SecurityCRob this feels very much linked to the persona work you have taken on in your role as Chief Architect. How do we feel about closing this issue, and using it as a reference incorporating stakeholders through persona work?

[sevansdell]

@SecurityCRob status update please?