MVVR

Signed-off-by: Eddie Knight <knight@linux.com>

Author: eddie-knight

CLAUDE.md

@@ -0,0 +1,37 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Repository Overview
+
+This is the governance repository for the **OpenSSF Technical Advisory Council (TAC)** — the body overseeing all Technical Initiatives (TIs) within the Open Source Security Foundation. It contains no application code; it is entirely documentation, governance processes, and meeting records in Markdown.
+
+## Repository Structure
+
+- `process/` — Core governance docs: TI lifecycle stages (Sandbox → Incubating → Graduated), decision processes, roles & responsibilities, funding requests, and stage-specific requirements in subdirectories
+- `TI-reports/` — Quarterly status update reports from Technical Initiatives (use `0000-quarterly-update-template.md` as a template)
+- `minutes/` — TAC meeting minutes (chronological, dating back to 2020)
+- `elections/` — TAC and SCIR election nominations and results
+- `policies/` — Governance policies (e.g., access control)
+- `files/images/` — Image assets referenced by documentation
+- `organizational-structure-overview.md` — Org hierarchy and project-to-WG mapping
+- `technical-vision.md` — 2-5 year strategic vision
+- `working-group-abilities.md` — Permitted WG activities and autonomy
+
+## Key Governance Concepts
+
+The TI lifecycle has three stages: **Sandbox → Incubating → Graduated**. Requirements for each stage differ by TI type (Working Group, Project, SIG) and are documented in `process/wg-lifecycle-documents/`, `process/project-lifecycle-documents/`, and `process/sig-lifecycle.md`.
+
+The main README.md contains the canonical table of all TIs with their current lifecycle status, sponsoring WG, and repository links.
+
+## Contribution Requirements
+
+- **DCO required**: All commits must include a `Signed-off-by` line. Use `git commit -s` to add it automatically.
+- **GitVote**: Decisions use `.gitvote.yml` — 2-week voting period, 55% pass threshold, voters are `@ossf/tac` team members.
+- **CODEOWNERS**: Repository is owned by `@ossf/tac`.
+
+## Common Tasks
+
+- **Adding a quarterly report**: Create a new file in `TI-reports/` following the template in `TI-reports/0000-quarterly-update-template.md`
+- **Updating TI status**: Edit the tables in `README.md` to reflect lifecycle stage changes
+- **Adding meeting minutes**: Create a new dated file in `minutes/`

process/wg-lifecycle-documents/ORBIT_WG_incubating_stage.md

@@ -52,6 +52,18 @@ The WG must have a charter or mission statement for review by TAC
   * Link to the WG charter or mission statement defining its goals.
   * https://github.com/ossf/wg-orbit/blob/main/CHARTER.md
 
+### Alignment with the OpenSSF MVSSR
+The mission of the WG must be aligned with the [Mission, Vision, Values, Strategy, and Roadmap (MVVSR)](https://openssf.org/about/) of the OpenSSF. Please indicate to which of the three strategies and four pillars of the OpenSSF the WG is contributing to.
+
+Strategies: *i) Catalyst for Change*, *ii) Educate and Empower the Modern Developer*, *iii) Ecosystem Leader*
+  * **Catalyst for Change**: ORBIT develops interoperable baselines and specifications (e.g., the Open Source Project Security Baseline and the Security Insights Specification) that drive adoption of "secure by design/default" practices by defining clear, actionable security standards for open source projects.
+  * **Educate and Empower the Modern Developer**: Through initiatives like ORBIT Launchpad, the WG provides resources and guidance that help developers and maintainers understand and implement security baselines in their projects.
+  * **Ecosystem Leader**: ORBIT's focus on interoperability—standardizing how security-relevant data is identified, formatted, and shared across tools and ecosystems—positions the OpenSSF as a leader in cross-ecosystem security collaboration.
+
+Pillars: *i) Programs & Projects, ii) Education, iii) Public Policy, iv) Community & Events*
+  * **Programs & Projects**: ORBIT maintains several active technical initiatives including the Open Source Project Security Baseline, Security Insights Specification, Gemara, and ORBIT Launchpad, all focused on producing practical, reusable security artifacts.
+  * **Education**: The WG contributes educational resources through its best practices documentation and Launchpad materials that help projects adopt security baselines.
+
 ### Governance
 WG must have documented, initial group governance.
   * Link to initial group governance doc