Authors: Georgia Bullen, Robert P. Davey, Beth Duckles, Jonah Duckles, Eriol Fox, Kate Hertweck, Dan Sholler, David Swenson, Kirstie Whitaker
Published: August 12, 2025
This worksheet is designed to help your open source project team have meaningful conversations about security practices. By working through these questions together, you’ll identify potential security gaps and develop a more security-conscious mindset across your team. 1
Setting aside a one- to two-hour conversation with your team is a good start toward building more of a security mindset. The worksheet below walks a team through security considerations and the ways in which the team feels vulnerable or exposed.
Comments, contributions and questions can be shared with the editorial team using GitHub Issues on the repository used for managing and maintaining this work: eoss-om-communitycalls/2025-05-22-security-mindsets-worksheet. Or reach out to the team at Organizational Mycology by email at info@orgmycology.com. They can provide services to facilitate these discussions across larger teams and help your community build accountability frameworks for these topics.
A worksheet to help start security discussions within your Open Source Project. While focused on Open Source, many of the topics could seed a security discussion in any type of organization.
PDF - Google Document - make a copy of Google Document
It is available as a PDF and as a Google Document, which you can copy and use to run a 1-2 hour workshop. Note that there is some pre-work to consider before you launch into a workshop, to help you think through big-picture questions about your project’s security outlook.
1. _This resource was developed based on conversation with attendees at the May 22, 2025 Chan-Zuckerberg Initiative community call for the Essential Open Source Software Program on the topic of Security in Open Source. Comments welcome in this document._