
OpenSSF best practices badge #120

Open
planetf1 opened this issue Dec 10, 2024 · 1 comment
Comments

@planetf1
Contributor

The OpenSSF best practices badge can demonstrate that a project follows best practice.

Unlike the scorecard, this badge has specific levels: bronze, silver, gold. Rather than automated checks it is a self-assessment where a project can explain their approach to a particular aspect.

In previous work I undertook, we achieved silver (nearly gold) on our Egeria project.

Originally opened as PQCA TAC issue #45. We discussed on the TAC, and felt it was down to individual projects to decide whether to adopt, and at what pace. If OQS were to adopt, we could feed back to PQCA.

No deadline/timeline, but as noted by @baentsch in the original issue, this is related to #1 github.com/orgs/open-quantum-safe/discussions/1892

Note: Apologies, I won't be able to make TSC/further meetings this month to discuss.

@baentsch
Member

As with any other "badge", this can lead to self-delusion (of code and project quality that doesn't exist in reality) and, worse, may mislead users ("Gold must be perfectly secure code"). As this program in addition seems to be even just a "self-certification", I don't really see value in spending time on this, particularly considering OQS has a contribution/participation problem already (see the growing list of un-handled issues and the drop in utility (performance, interop, support of standard algs, just to name a few)), and IMO priority should thus be given to work improving the code over the addition of what I see --in the present state of the project-- as merely just another marketing gimmick.
