|
Should we allow a LICENSES/ directory as a way to implement criterion license_location?
The criterion “license_location” says:
> The project MUST post the license(s) of its results in a standard location in their source repository. {Met URL} [license_location]
Issue #1544 proposes to
|
By
David A. Wheeler
·
#613
·
|
|
FYI: Report on the 2020 FOSS Contributor Survey
FYI:
The “Report on the 2020 FOSS Contributor Survey” has been released from the Linux Foundation & The Laboratory for Innovation Science at Harvard. Authors are: Frank Nagle (Harvard Business
|
By
David A. Wheeler
·
#612
·
|
|
FYI: CII Best Practices badge recent minor updates
FYI, I thought it might be useful to summarize recent minor updates to the CII Best Practices badge. They don’t change anything substantive, but I wanted to make sure you were aware of
|
By
David A. Wheeler
·
#611
·
|
|
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-12.
Here are some selected statistics for most recent completed month, preceded by the same
|
By
badgeapp@...
·
#610
·
|
|
Re: Proposed tweaks to CII Best Practices criteria
As mentioned earlier, several issues proposed tweaks to the CII Best Practices criteria or related text. Here are the pull requests that make those changes. Please note any last-minute issues, I
|
By
David A. Wheeler
·
#609
·
|
|
FLOSS Weekly #609, CII Best Practices translations for Chinese & Swahili
FYI:
I was on FLOSS Weekly #609 to talk about “Open Source Security”. It’s available here:
https://twit.tv/shows/floss-weekly/episodes/609?autostart=false
I pointed out the CII Best Practices
|
By
David A. Wheeler
·
#608
·
|
|
Rebranding the "CII Best Practices badge" to the OpenSSF - see issue #1515
All: Now that the CII Best Practices badge is part of the OpenSSF, there needs to be a discussion about whether or not it should eventually be rebranded to specifically note the OpenSSF, and if so,
|
By
David A. Wheeler
·
#607
·
|
|
Proposed tweaks to CII Best Practices criteria
We have several proposed tweaks to the CII Best Practices criteria or related text.
Comments are very welcome in either the specific GitHub issue or here on the mailing list.
Details below.
--- David
|
By
David A. Wheeler
·
#606
·
|
|
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-11.
Here are some selected statistics for most recent completed month, preceded by the same
|
By
badgeapp@...
·
#605
·
|
|
Free set of 3 courses on “Secure Software Development Fundamentals” now available!
All: There is now a *free* set of 3 courses on how to develop secure software, titled “Secure Software Development Fundamentals”.
I wrote it, with lots of comments & help from others. Special
|
By
David A. Wheeler
·
#604
·
|
|
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-10.
Here are some selected statistics for most recent completed month, preceded by the same
|
By
badgeapp@...
·
#603
·
|
|
Dan Kohn has died
All:
I must bring you the sad news that Dan Kohn has died.
Dan was a pioneer who helped many people. Among many other things, he oversaw the explosive growth of the Cloud Native Computing Foundation
|
By
David A. Wheeler
·
#602
·
|
|
Re: Plan to modify assurance case format (more claims, use SACM notation) - any thoughts?
Other than describing the SACM's ArgumentReasoning symbol as a "half-rectangle", I have no objections. (A "half-rectangle" is also itself a rectangle, so I think some alternate description would be
|
By
Kevin W. Wall
·
#601
·
|
|
Plan to modify assurance case format (more claims, use SACM notation) - any thoughts?
For the BadgeApp we include an “assurance case”, that is, a set of claims/arguments/evidence explaining why we think it’s secure. You can see the assurance case
|
By
David A. Wheeler
·
#600
·
|
|
Re: Rate limits for non-badge-image requests
Adding Sean to this thread, as CHAOSS risk metrics have a dashboard
that uses the CII badge information.
Sean - any impact expected from your perspective?
Thanks,
|
By
Kate Stewart
·
#599
·
|
|
Rate limits for non-badge-image requests
Some overeager people are trying to spider the entire best practices site all at once. This can cause trouble for everyone else. Our current rate limits don’t trigger soon enough, because they cover
|
By
David A. Wheeler
·
#598
·
|
|
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-08.
Here are some selected statistics for most recent completed month, preceded by the same
|
By
badgeapp@...
·
#597
·
|
|
Proposed criteria introduction text
All: Here's some proposed criteria introduction text.
Comments? It's lengthy, so I want to fix it up *before* our translators have
to deal with it.
The plan is to use this text to enable people to
|
By
David A. Wheeler
·
#596
·
|
|
Rename route "/criteria"->"/criteria_stats", /criteria to display criteria
FYI:
I intend to soon rename the route "/criteria" to "/criteria_stats". We
can then use "/criteria" to display the actual criteria in the
selected locale. This is technically a change in the
|
By
David A. Wheeler
·
#595
·
|
|
Re: Renaming whitelist->acceptlist, blacklist->denylist
All: Minor correction.
The more common term seems to be "allowlist" not "acceptlist". E.g.:
https://www.zdnet.com/article/linux-team-approves-new-terminology-bans-terms-like-blacklist-and-slave/
So I
|
By
David A. Wheeler
·
#594
·
|