Open Source Sustainability Initiative landing page.

site/_data/menu.yml

@@ -11,6 +11,8 @@ about:
         href: /#our-projects
       - title: Our Sponsors
         href: /about/sponsors/
+      - title: Sustainability Initiative
+        href: /about/ossi.html
       - title: Foundation Bylaws
         href: /bylaws
       - title: Foundation Policies

site/_includes/layouts/display-ossi-sponsors.vto

@@ -0,0 +1,33 @@
+{{- if tier.layout == 1 }}
+<section class="cards wide">
+  {{- for sponsor of sponsorGroup }}
+  {{- set ossiHome = sponsor.ossi.home || sponsor.display.home }}
+  {{- set ossiDescription = sponsor.ossi.description || sponsor.display.description }}
+      <div class="card wide">
+          {{ include "layouts/display-logo.vto" { name: sponsor.name, display: sponsor.display, rel: "sponsored" } }}
+          <div class="text-content">
+              <h3><a href="{{ ossiHome }}" rel="sponsored">{{ sponsor.name }}</a></h3>
+              {{- if sponsor.ossi.role === 'founder' }}
+              <!-- TODO: founder badge -->
+              {{- /if }}
+              <p>{{ ossiDescription |> md(true) }}</p>
+          </div>
+      </div>
+  {{- /for }}
+{{- else if tier.layout == 2 }}
+<section class="cards wrapped">
+  {{- for sponsor of sponsorGroup }}
+  {{- set ossiHome = sponsor.ossi.home || sponsor.display.home }}
+  {{- set ossiDescription = sponsor.ossi.description || sponsor.display.description }}
+      <div class="card two">
+          {{ include "layouts/display-logo.vto" { name: sponsor.name, display: sponsor.display, rel: "sponsored" } }}
+          <div class="text-content">
+              {{- if sponsor.ossi.role === 'founder' }}
+              <!-- TODO: founder badge -->
+              {{- /if }}
+              <p>{{ ossiDescription |> md(true) }}</p>
+          </div>
+      </div>
+  {{- /for }}
+{{ /if -}}
+</section>

site/about/_data.ts

@@ -62,6 +62,11 @@ interface Sponsor {
     display?: Display;
     inKind?: Display;
     reps: AdvisorContact[];
+    ossi?: {
+        role: 'founder' | 'partner';
+        home?: string;
+        description?: string;
+    };
 }
 interface GroupedSponsors {
     [key: string]: Sponsor[];
@@ -250,6 +255,22 @@ function tier(tier: string): SponsorTier {
     return tiers[tier];
 }
 
+function ossiSponsors(): GroupedSponsors {
+    const result: GroupedSponsors = {};
+    for (const [key, sponsors] of Object.entries(groupedSponsors)) {
+        if (key === 'inKind') continue;
+        const ossi = sponsors.filter(s => s.ossi);
+        if (ossi.length === 0) continue;
+        // founders first, then partners, otherwise preserve order
+        result[key] = ossi.sort((a, b) => {
+            if (a.ossi?.role === 'founder' && b.ossi?.role !== 'founder') return -1;
+            if (a.ossi?.role !== 'founder' && b.ossi?.role === 'founder') return 1;
+            return 0;
+        });
+    }
+    return result;
+}
+
 function members(): User[] {
     return Object.values(USER_DATA)
         .filter((user: User) => user.groups?.includes(MEMBERS) && user.groups?.length === 1);
@@ -272,5 +293,6 @@ export {
     filteredTiers,
     inKind,
     members,
-    supporters
+    supporters,
+    ossiSponsors
 }

site/about/ossi.md

@@ -0,0 +1,84 @@
+---
+title: Open Source Sustainability Initiative
+description: Our Open Source Sustainability Initiative and Partners
+templateEngine: [vto]
+index: true
+metas:
+  robots: true
+cssclasses:
+- projects
+- sponsors
+scripts:
+- /assets/random-sponsor.js
+---
+<p>The Commonhaus Foundation Open Source Sustainability Initiative (OSSI) recognizes organizations
+that take responsibility for the security and stability of open source software beyond its end-of-life (EOL).
+For organizations that depend on EOL software but cannot yet upgrade, OSSI partners provide continued security support and compatibility fixes.</p>
+
+<p>Explore our partners below, or <a href="#about-the-initiative">learn more about the initiative</a> and <a href="#joining-the-initiative">how to join</a>.</p>
+
+<hr />
+
+{{- set ossiSponsors = page.data.ossiSponsors() }}
+{{- set tiers = page.data.filteredTiers(ossiSponsors) }}
+{{- if Object.keys(ossiSponsors).length == 0 }}
+<p>Coming soon 🚀 </p>
+{{ else }}
+{{- for key, tier of tiers }}
+{{- if ossiSponsors[key] }}
+{{- set sponsorGroup = ossiSponsors[key] }}
+<h2 id="{{key}}-initiative-partners"><a class="header-anchor" href="#{{key}}-initiative-partners">{{ tier.name }} Initiative Partners</a></h2>
+{{ include "layouts/display-ossi-sponsors.vto" { tier: tier, sponsorGroup: sponsorGroup } }}
+{{ /if -}}
+{{ /for -}}
+{{ /if }}
+
+<hr />
+
+<h2 id="about-the-initiative"><a class="header-anchor" href="#about-the-initiative">About the Initiative</a></h2>
+
+<p>Legacy codebases, compliance requirements, and complex dependency chains can make immediate upgrades impractical.
+Our OSSI partners bridge that gap, providing ongoing support for EOL software so that project maintainers can focus on what's next.</p>
+
+<p>Commonhaus projects are expected to clearly identify end-of-life and unsupported releases and link to this initiative as a resource for users seeking continued support.</p>
+
+<hr />
+
+<h2 id="pertner-commitments"><a class="header-anchor" href="#partner-commitments">Partner commitments</a></h2>
+
+<p>Each OSSI partner determines which software and versions it supports. Inclusion in OSSI does not mean that every partner supports every Commonhaus project or every EOL release.</p>
+
+<p>For the software a partner does support, you can expect them to:</p>
+
+<ul>
+  <li>identify, triage, and remediate security vulnerabilities in EOL software;</li>
+  <li>deliver security and compatibility fixes to users who cannot yet upgrade;</li>
+  <li>coordinate vulnerability disclosure with Commonhaus projects and upstream maintainers.</li>
+</ul>
+
+<hr />
+
+<h2 id="joining-the-initiative"><a class="header-anchor" href="#joining-the-initiative">Joining the Initiative</a></h2>
+
+<p>Participation is open to organizations that meet all of the following requirements:</p>
+
+<ul>
+  <li>Active Gold or Silver annual sponsorship of the Commonhaus Foundation;</li>
+  <li>Current SOC 2 Type 1 and Type 2 certification(s);</li>
+  <li>Substantive prior work on at least two (2) CVEs affecting EOL open source software relevant to Commonhaus projects, including remediation, coordinated disclosure, or delivery of fixes; and</li>
+  <li>Commitment to supporting the EOL software they cover and coordinating responsible CVE disclosure with project maintainers to minimize the window of unpatched vulnerability exposure.</li>
+</ul>
+
+<p>To apply, see our <a href="/about/sponsorship.html">sponsorship tiers and benefits</a> and contact us at <a href="mailto:sponsors@commonhaus.org">sponsors@commonhaus.org</a>.</p>
+
+<hr />
+
+<h2 id="governance-and-independence"><a class="header-anchor" href="#governance-and-independence">Governance and independence</a></h2>
+
+<p>OSSI operates within the Commonhaus Foundation's existing governance structure.
+Participation does not grant governance rights, authority over project roadmaps or technical direction, or endorsement beyond inclusion in this initiative.
+Foundation governance and project stewardship remain defined by the <a href="/bylaws/">bylaws</a> and <a href="/policies/">policies</a>.</p>
+
+<p>Services listed here are provided by the named partners directly, not by the Commonhaus Foundation.
+Each partner determines the specific software they support — the Foundation makes no guarantees about coverage or availability.
+Use of Commonhaus project names and logos must comply with Foundation trademark guidelines.</p>