List of security working groups - coding, theory, math



Software Supply Chain & Security

OpenSSF (beyond the ones you already attend)

  • Vulnerability Disclosures WG – coordinated disclosure, CNA processes

  • Security Baseline WG – minimum security requirements for OSS

  • Best Practices WG – tooling & badge criteria evolution

  • Identifying Security Threats WG – threat modeling for OSS


OWASP (besides SCVS)

  • OWASP Top 10 Proactive Controls

  • OWASP CycloneDX WG – SBOM format (very active)

  • OWASP ASVS – Application Security Verification Standard

  • OWASP Dependency-Track Project

  • OWASP Firmware Security Project


CNCF / Cloud Native Security

  • TAG Security (umbrella group, very active)

  • SIG Security (Kubernetes)

  • Supply Chain Security SIG (K8s)

  • Policy WG (OPA / Gatekeeper ecosystem)


SBOM, Provenance & Artifact Integrity

  • CycloneDX Core WG

  • SPDX Technical Team (Linux Foundation)

  • in-toto Steering Committee

  • Sigstore Policy & UX Working Groups

  • OCI Artifacts / OCI Security WG


Standards & Specifications

Ecma / ISO / W3C

  • Ecma TC54 (SBOM & SW transparency) – adjacent to TC54-TG2

  • ISO/IEC JTC 1 SC 38 – cloud & distributed platforms

  • W3C WebAppSec WG

  • W3C Privacy CG / Security Interest Group


AI, ML & Security (fast-growing)

  • OpenSSF AI/ML Security WG

  • MLCommons Security WG

  • NIST AI RMF Community of Practice

  • OWASP Top 10 for LLM Applications


Infrastructure & Platform Security

  • Confidential Computing Consortium (CCC)

  • IETF SAAG (Security Area Advisory Group)

  • IETF SCITT WG – supply chain transparency (very relevant)

  • TUF Community Meetings


🧭 Governance, Risk & Ecosystem Trust

  • FINOS Security SIG

  • CHAOSS Risk & Security WG

  • Linux Foundation Trust & Safety Initiative

  • OpenJS Security WG


If you want something closer to your calendar…

Based on what you’re already attending, the closest matches you may want to look into are:

  • IETF SCITT WG

  • CycloneDX WG

  • Kubernetes Supply Chain Security SIG

  • OpenSSF Vulnerability Disclosures WG

  • MLCommons / AI supply chain groups

------


Cryptography & Mathematical Security Foundations

IACR (International Association for Cryptologic Research)

These are not “WGs” in name, but ongoing, highly active research communities with regular workshops, mailing lists, and study groups:

  • CRYPTO / EUROCRYPT / ASIACRYPT communities

  • Theory of Cryptography Conference (TCC)

  • Real World Crypto (RWC) – applied but still very theory-aware

  • IACR ePrint Cryptography Archive (active discussion + review culture)

➑️ Strong focus on: number theory, algebra, complexity theory, zero-knowledge, MPC, post-quantum crypto.


Post-Quantum Cryptography

  • NIST PQC Forum & Study Groups

  • IETF PQUIP WG (Post-Quantum Use in Protocols)

  • ETSI Quantum-Safe Cryptography ISG

➑️ Heavy math: lattices, codes, isogenies, hardness assumptions.


Formal Methods, Logic & Verification (Security-oriented)

Formal Methods Groups

  • IFIP WG 1.6 – Rewriting

  • IFIP WG 1.7 – Theoretical Computer Science

  • IFIP WG 11.2 – Pervasive Systems Security (formal angle)


Program Verification & Proof Systems

  • Proof-Carrying Code (PCC) community

  • CompCert & Verified Compilation community

  • Verified Crypto community (HACL*, Fiat-Crypto, Jasmin)

Tools & ecosystems:

  • Coq Security & Crypto Users Group

  • Isabelle Security Group

  • Lean for Security / Crypto reading groups


🧠 Programming Languages & Semantics (Security Focus)

  • POPL Security Track community

  • CSF (IEEE Computer Security Foundations Symposium)

  • PLDI Security & Verification subgroup

  • OOPSLA Formal Security & Types community

Topics:

  • Type systems for security

  • Non-interference

  • Language-based security

  • Information flow control


Security Foundations & Logic

Dedicated Security Theory Venues

  • IEEE CSF (Computer Security Foundations)

  • POST (Principles of Security & Trust – ETAPS)

  • FOSAD (Foundations of Security Analysis and Design)

  • SecDev Theory Track


Access Control, Logic, and Models

  • ABAC & Policy Logic research groups

  • Modal logic for security protocols

  • Game-theoretic security models

  • Epistemic logic & knowledge-based security


Protocol Analysis & Symbolic Models

  • Formal Protocol Verification community

    • ProVerif

    • Tamarin

    • AVISPA

  • Applied π-calculus groups

  • Security Protocols Workshop (Cambridge)


🧬 Systems + Theory Hybrid Groups

  • USENIX Security (theory-heavy subcommunity)

  • SOSP/OSDI formal verification clusters

  • Microarchitectural Security + Formal Models (Spectre/Meltdown theory work)


🧩 Category-Theory / Abstract Math Adjacent Security

These are smaller but intellectually deep:

  • Applied Category Theory for Cryptography

  • Monoidal categories & composable security

  • UC (Universal Composability) theory community

  • Game-based vs simulation-based security groups


Ongoing Reading Groups & Seminars (Informal but Active)

  • Cryptography Reading Groups (many universities, often open)

  • Security Semantics Seminar Series

  • Formal Methods in Security (FM-Sec) workshops

  • Mathematical Foundations of Cybersecurity seminars