├── .github
    └── settings.yml
├── CHARTER.md
├── LICENSE
├── README.md
├── SECURITY.md
├── doc
    └── 2020 - 2023 Meeting Notes -  WG Metrics and Metadata - OpenSSF.md
├── publications
    └── threats-risks-mitigations
    │   ├── README.md
    │   ├── v1.1
    │       ├── Supporting Visio Diagrams.vsdx
    │       ├── Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.docx
    │       ├── Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.pdf
    │       ├── Threats, Risks, and Mitigations in the Open Source Ecosystem.md
    │       └── img
    │       │   ├── AttackSurface.png
    │       │   ├── AttackSurface2.png
    │       │   ├── CentralInfrastructure.png
    │       │   ├── ExternalContribution.png
    │       │   ├── Ideation.png
    │       │   ├── LocalDevelopment.png
    │       │   ├── PackageConsumptionFlow.png
    │       │   ├── PackageIdentity.png
    │       │   ├── ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png
    │       │   ├── Threat&Risks.png
    │       │   ├── VulnerabilitiesFixingFlow.png
    │       │   └── WritingCode.png
    │   ├── v1.2
    │       ├── Threats, Risks, and Mitigations in the Open Source Ecosystem.md
    │       └── img
    │       │   ├── AttackSurface.png
    │       │   ├── AttackSurface2.png
    │       │   ├── CentralInfrastructure.png
    │       │   ├── ExternalContribution.png
    │       │   ├── Ideation.png
    │       │   ├── LocalDevelopment.png
    │       │   ├── PackageConsumptionFlow.png
    │       │   ├── PackageIdentity.png
    │       │   ├── ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png
    │       │   ├── Threat&Risks.png
    │       │   ├── VulnerabilitiesFixingFlow.png
    │       │   └── WritingCode.png
    │   └── v1
    │       ├── Supporting Visio Diagrams.vsdx
    │       ├── Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.docx
    │       └── Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.pdf
└── virtual-mini-summit-for-maintainers-of-critical-OSS-projects.md


/.github/settings.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/.github/settings.yml


--------------------------------------------------------------------------------
/CHARTER.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/CHARTER.md


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/LICENSE


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/README.md


--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/SECURITY.md


--------------------------------------------------------------------------------
/doc/2020 - 2023 Meeting Notes -  WG Metrics and Metadata - OpenSSF.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/doc/2020 - 2023 Meeting Notes -  WG Metrics and Metadata - OpenSSF.md


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/README.md


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/Supporting Visio Diagrams.vsdx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/Supporting Visio Diagrams.vsdx


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.docx


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.1.pdf


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/Threats, Risks, and Mitigations in the Open Source Ecosystem.md


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/AttackSurface.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/AttackSurface.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/AttackSurface2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/AttackSurface2.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/CentralInfrastructure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/CentralInfrastructure.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/ExternalContribution.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/ExternalContribution.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/Ideation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/Ideation.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/LocalDevelopment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/LocalDevelopment.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/PackageConsumptionFlow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/PackageConsumptionFlow.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/PackageIdentity.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/PackageIdentity.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/Threat&Risks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/Threat&Risks.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/VulnerabilitiesFixingFlow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/VulnerabilitiesFixingFlow.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.1/img/WritingCode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.1/img/WritingCode.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/Threats, Risks, and Mitigations in the Open Source Ecosystem.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/Threats, Risks, and Mitigations in the Open Source Ecosystem.md


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/AttackSurface.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/AttackSurface.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/AttackSurface2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/AttackSurface2.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/CentralInfrastructure.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/CentralInfrastructure.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/ExternalContribution.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/ExternalContribution.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/Ideation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/Ideation.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/LocalDevelopment.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/LocalDevelopment.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/PackageConsumptionFlow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/PackageConsumptionFlow.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/PackageIdentity.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/PackageIdentity.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/ReducingTheLikelihoodThatAVulnerabilityWillBeIntroduced.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/Threat&Risks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/Threat&Risks.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/VulnerabilitiesFixingFlow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/VulnerabilitiesFixingFlow.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1.2/img/WritingCode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1.2/img/WritingCode.png


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1/Supporting Visio Diagrams.vsdx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1/Supporting Visio Diagrams.vsdx


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.docx


--------------------------------------------------------------------------------
/publications/threats-risks-mitigations/v1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/publications/threats-risks-mitigations/v1/Threats, Risks, and Mitigations in the Open Source Ecosystem - v1.pdf


--------------------------------------------------------------------------------
/virtual-mini-summit-for-maintainers-of-critical-OSS-projects.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ossf/wg-metrics-and-metadata/HEAD/virtual-mini-summit-for-maintainers-of-critical-OSS-projects.md


--------------------------------------------------------------------------------