in-toto tracks adoptions / integrations on this repo: https://github.com/in-toto/friends. It'd be neat to have someone from this community submit a short description and some pointers to the spec, tooling etc. We try to have the adopters or implementers write it up for a more accurate summary.

Only heard of OpenVEX today, has the window closed for initial maintainers?

OPEV #14: Expansion of the VEX Product Field

🖊️ Enhancement Overview

Six months after the introduction of OpenVEX, the initial integrations and
community feedback on the initial spec has pointed out several areas where
the product field can be improved to more accurately model the initial use
cases of OpenVEX.

This OPEV proposes reworking the VEX product to become a full object with a new
context called Componentthat lets us introduce new data fields needed today by
the community while letting us more easily add other data in the future.

🧑‍💻 Enhancement Proposal Authors

• @puerco

👩‍🔧 Sponsoring Maintainers

(not required)

📋 OpenVEX Projects

• openvex/spec
• openvex/go-vex
• openvex/vexctl

📐 Specs and Documents

Pull Request Open: #16

❓ Enhancement Questions

Does this enhancement propose a change to the OpenVEX project's governance
structure?

NO

Does this enhancement propose a breaking change with the upstream VEX design
established by the VEX Working Group?

NO

💬 Discussion Start Date:

OPEVs shall be discussed for no longer than 30 days after which the vote tally
will be computed and the proposal will either merge or be rejected.

Start Date: 2023-07-09

🗳️ Voting Results

Final Enhancement Vote Tally:

👍 : 3 Votes @lumjjb @wagoodman @puerco (implicit) | non binding: @SecurityCRob

👎 : 0 Votes

Result: APPROVED

ℹ️ Voting Instructions:

To vote for this enhancement, maintainers should add a comment with a 👍 emoji
to show support or 👎 to reject the enhancement. After voting is over (usually
after 30 days), votes will be computed by the project's maintainers and
registered in this issue. Refer to GOVERNANCE.md for details
on how many votes are required to approve and when voting ends.

Maintainer Nomination: Alex Goodman

GitHub handle: @wagoodman

Note: This nomination is part of the initial community bootstrap.

Sponsoring Maintainers

A community member may also be accepted as nominee if sponsored by a committee of
maintainers. Please refer to GOVERNANCE.md for details about
the nomination by committee process.

• @luhring
• @puerco

💬 Discussion Start Date:

A decision on the nomination shall be discussed for no longer than 30 days after
the discussion start date. After the the discussion period is over, the vote
tally will be computed and the nomination will be accepted or rejected.

Start Date: 202Y-MM-DD

🗳️ Voting Results

Final Enhancement Vote Tally:

👍 : 2 Votes

👎 : 0 Votes

Result: APPROVED

ℹ️ Voting Instructions:

To vote for this nomination, maintainers should add a comment with a 👍 emoji
to show support or 👎 to reject the enhancement. After voting is over (usually
after 30 days), votes will be computed by the project's maintainers and
registered in this issue. Refer to GOVERNANCE.md for details
on how many votes are required to approve and when voting ends.

Maintainer Nomination: Brandon Lum

GitHub handle: @lumjjb

Note: This nomination is part of the initial community bootstrap.

Sponsoring Maintainers

A community member may also be accepted as nominee if sponsored by a commitee of
maintainers. Please refer to GOVERNANCE.md for details about
the nomination by commitee process.

• @puerco
• @luhring

💬 Discussion Start Date:

A decision on the nomination shall be discussed for no longer than 30 days after
the discussion start date. After the the discussion period is over, the vote
tally will be computed and the nomination will be accepted or rejected.

Start Date: 2023-01-21

🗳️ Voting Results

Final Enhancement Vote Tally:

👍 : 2 Votes

👎 : 0 Votes

Result: APPROVED

ℹ️ Voting Instructions:

To vote for this nomination, maintainers should add a comment with a 👍 emoji
to show support or 👎 to reject the enhancement. After voting is over (usually
after 30 days), votes will be computed by the project's maintainers and
registered in this issue. Refer to GOVERNANCE.md for details
on how many votes are required to approve and when voting ends.

OPEV # 0015: Expansion of the Vulnerability Field

🖊️ Enhancement Overview

During the development of the initial implementations, there have been issues raised about the need to expand the vulnerability field. While this OPEV only addresses the need to expand the vulnerability field 1) become an object and to
2) to express more names or aliases of a vulnerability, members of the community have pointed to other cases where the vulnerability entry needs to be expanded from an identifier string to a full struct.

🧑‍💻 Enhancement Proposal Authors

• @puerco

👩‍🔧 Sponsoring Maintainers

(not required)

📋 OpenVEX Projects

• openvex/spec
• openvex/go-vex
• openvex/vexctl

📐 Specs and Documents

Pull Request open: #17

❓ Enhancement Questions

Does this enhancement propose a change to the OpenVEX project's governance
structure?

NO

Does this enhancement propose a breaking change with the upstream VEX design
established by the VEX Working Group?

NO

💬 Discussion Start Date:

OPEVs shall be discussed for no longer than 30 days after which the vote tally
will be computed and the proposal will either merge or be rejected.

Start Date: 2023-07-09

🗳️ Voting Results

Final Enhancement Vote Tally:

Final Enhancement Vote Tally:

👍 : 3 Votes @lumjjb @wagoodman @puerco (implicit) | non binding: @SecurityCRob

👎 : 0 Votes

ℹ️ Voting Instructions:

To vote for this enhancement, maintainers should add a comment with a 👍 emoji
to show support or 👎 to reject the enhancement. After voting is over (usually
after 30 days), votes will be computed by the project's mantainers and
registered in this issue. Refer to GOVERNANCE.md for details
on how many votes are required to approve and when voting ends.

Maintainer Nomination: Rose Judge

GitHub handle: @rnjudge

Note: This nomination is part of the initial community bootstrap.

Sponsoring Maintainers

A community member may also be accepted as nominee if sponsored by a commitee of
maintainers. Please refer to GOVERNANCE.md for details about
the nomination by committee process.

• @luhring
• @puerco

💬 Discussion Start Date:

A decision on the nomination shall be discussed for no longer than 30 days after
the discussion start date. After the the discussion period is over, the vote
tally will be computed and the nomination will be accepted or rejected.

Start Date: 2023-01-23

🗳️ Voting Results

Final Enhancement Vote Tally:

👍 : 2 Votes

👎 : 0 Votes

Result: APPROVED

ℹ️ Voting Instructions:

To vote for this nomination, maintainers should add a comment with a 👍 emoji
to show support or 👎 to reject the enhancement. After voting is over (usually
after 30 days), votes will be computed by the project's maintainers and
registered in this issue. Refer to GOVERNANCE.md for details
on how many votes are required to approve and when voting ends.