New badge: Bareflank hypervisor

David A. Wheeler

All: We have a new badge-holder: Bareflank hypervisor.  Details:

It “aims to provide all of the scaffolding needed to rapidly prototype new hypervisors.”


Overall it looks good.  It’s a GitHub-host project, so we already know how some of the questions typically get answered.  It’s in C++.  A few interesting points:

* For static analysis they use Clang-Tidy and Coverity.

* For the “Secure development knowledge” questions they justify their knowledge using linkedin URLs.  I think that is an *awesome* way to make that justification – maybe we should even modify the “details” text to mention that as a way to do it.  They’re the first to use a linkedin URL this way (see below for proof).

* They originally used a non-https URL for their project page, but that wasn’t necessary – they just needed to use their https URL instead, which is: <>.  We could detect “” and automatically upgrade projects to their https address, since that’s a special but common case.

* They have a clear vulnerability reporting process that *requires* reports to be made public.  While that’s not the way I would personally do it, we *specifically* devised the criteria to permit this, because some projects do it that way… and they are quite clear about it.


They also have a video that lacks audio, but it still makes me want to try it out.  Hey, I *like* playing with stuff :-).


--- David A. Wheeler


P.S. I’m not just guessing regarding linkedin.  I ran this query, and this is the *only* matching record:

SELECT id,know_secure_design_justification,know_common_errors_justification FROM projects WHERE know_secure_design_justification LIKE '%linkedin%' OR know_common_errors_justification LIKE '%linkedin%';"

So this is an interesting first.