
The Linux kernel has earned a gold badge!


David Wheeler
 

All: I want to formally congratulate the Linux kernel project for
earning a gold badge!! You can see their details here:
https://bestpractices.coreinfrastructure.org/en/projects/34

The Linux kernel has been close for a while. The final one they
completed was to add some HTTP hardening headers to key websites.

Of course, a gold badge doesn't mean that there are no
vulnerabilities, or that it's impossible to improve their development
processes. Perfection is rare in this life. But it *does* mean that
they've implemented a large number of good practices to keep the
project sustainable, to counter vulnerabilities from entering their
software, and to address vulnerabilities when they are found. The
Linux kernel project takes many steps to do this, and it's good to see.

The Linux kernel joins some of the few other gold applications, such
as the Zephyr project who have been at gold for a while. You can see
the current gold holders here:
https://bestpractices.coreinfrastructure.org/en/projects?gteq=300

My thanks to Greg KH, who spearheaded getting the badge "over the
finish line". Thank you for your effort.

I hope that this result will help inspire other projects to pursue -
and earn - a gold badge. Of course, the real goal isn't a badge - the
real goal is to make our software much more secure. But I think it's
clear that good practices can help make our software more secure, and
we want to praise & encourage projects to have good practices.

-- David A. Wheeler
Director of Open Source Supply Chain Security, The Linux Foundation


Georg Link
 

This is fantastic news!
Congratulations to the Linux Kernel.

Thanks for highlighting this achievement.

Georg


On Wed, Jun 10, 2020 at 1:05 PM David Wheeler <dwheeler@...> wrote:

--
Georg Link, PhD
(he/him)


Kate Stewart
 

Excellent news! Kudos to Greg and the other contributors for making this happen!

