Should we allow a LICENSES/ directory as a way to implement criterion license_location?
The criterion “license_location” says: > The project MUST post the license(s) of its results in a standard location in their source repository. {Met URL} [license_location] Issue #1544 proposes to als
By David A. Wheeler

FYI: Report on the 2020 FOSS Contributor Survey
FYI: The “Report on the 2020 FOSS Contributor Survey” has been released from the Linux Foundation & The Laboratory for Innovation Science at Harvard. Authors are: Frank Nagle (Harvard Business School)
By David A. Wheeler

FYI: CII Best Practices badge recent minor updates
FYI, I thought it might be useful to summarize recent minor updates to the CII Best Practices badge. They don’t change anything substantive, but I wanted to make sure you were aware of them. Hopefully
By David A. Wheeler

Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-12. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...

Proposed tweaks to CII Best Practices criteria (2 messages)
We have several proposed tweaks to the CII Best Practices criteria or related text. Comments are very welcome in either the specific GitHub issue or here on the mailing list. Details below. --- David
By David A. Wheeler

FLOSS Weekly #609, CII Best Practices translations for Chinese & Swahili
FYI: I was on FLOSS Weekly #609 to talk about “Open Source Security”. It’s available here: https://twit.tv/shows/floss-weekly/episodes/609?autostart=false I pointed out the CII Best Practices badge, t
By David A. Wheeler

Rebranding the "CII Best Practices badge" to the OpenSSF - see issue #1515
All: Now that the CII Best Practices badge is part of the OpenSSF, there needs to be a discussion about whether or not it should eventually be rebranded to specifically note the OpenSSF, and if so, wh
By David A. Wheeler

Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-11. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...

Free set of 3 courses on “Secure Software Development Fundamentals” now available!
All: There is now a *free* set of 3 courses on how to develop secure software, titled “Secure Software Development Fundamentals”. I wrote it, with lots of comments & help from others. Special thanks g
By David A. Wheeler

Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-10. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...

Dan Kohn has died
All: I must bring you the sad news that Dan Kohn has died. Dan was a pioneer who helped many people. Among many other things, he oversaw the explosive growth of the Cloud Native Computing Foundation (
By David A. Wheeler

Plan to modify assurance case format (more claims, use SACM notation) - any thoughts? (2 messages)
For the BadgeApp we include an “assurance case”, that is, a set of claims/arguments/evidence explaining why we think it’s secure. You can see the assurance case here: https://github.com/coreinfrastruc
By David A. Wheeler

Rate limits for non-badge-image requests (2 messages)
Some overeager people are trying to spider the entire best practices site all at once. This can cause trouble for everyone else. Our current rate limits don’t trigger soon enough, because they cover *
By David A. Wheeler

Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-08. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...

Proposed criteria introduction text
All: Here's some proposed criteria introduction text. Comments? It's lengthy, so I want to fix it up *before* our translators have to deal with it. The plan is to use this text to enable people to mor
By David A. Wheeler

Rename route "/criteria"->"/criteria_stats", /criteria to display criteria
FYI: I intend to soon rename the route "/criteria" to "/criteria_stats". We can then use "/criteria" to display the actual criteria in the selected locale. This is technically a change in the user-vis
By David A. Wheeler

Renaming whitelist->acceptlist, blacklist->denylist (2 messages)
All: This pull request: https://github.com/coreinfrastructure/best-practices-badge/pull/1449 renames “whitelist” to “acceptlist” and “blacklist” to “denylist” everywhere in the CII Best Practices badge
By David A. Wheeler

has anyone scripted doing updates to the CII site? (4 messages)
I’m one of the many people working on the Linux ONAP (Open Networking Automation Platform) Project. We chose to pursue CII badges from the very beginning, but because of the size of the project, we ch
By Tony Hansen

Software report on Zephyr notes CII Best Practices badge
All: Here's a team report, as part of an architecture class, where they examined open source software projects: https://se.ewi.tudelft.nl/desosa2019/ If you look at a part that discusses Zephyr: https
By David A. Wheeler

CHAOSS Podcast #10 posted, notes the CII Best Practices Badge
All: CHAOSS Podcast #10 is now available, titled "Managing Risks and Opportunities in Open Source with Frank Nagle & David A. Wheeler". The hosts were Georg Link, Sean Goggins, and Kate Stewart. The p
By David A. Wheeler