I’m planning to review the OpenSSF Best Practices document to see if there are any areas we can improve on as a project when it comes to security and development practices. If I do find something that I think needs improvement, I’ll send out an RFC / Pull Request for that specific item so we can discuss.
If this interests you at all and you want to help, please let me know.