has anyone scripted doing updates to the CII site? 4 messages
I’m one of the many people working on the Linux ONAP (Open Networking Automation Platform) Project. We chose to pursue CII badges from the very beginning, but because of the size of the project, we ch
By Tony Hansen
Software report on Zephyr notes CII Best Practices badge
All: Here's a team report, as part of an architecture class, where they examined open source software projects: https://se.ewi.tudelft.nl/desosa2019/ If you look at a part that discusses Zephyr: https
By David A. Wheeler
CHAOSS Podcast #10 posted, notes the CII Best Practices Badge
All: CHAOSS Podcast #10 is now available, titled "Managing Risks and Opportunities in Open Source with Frank Nagle & David A. Wheeler". The hosts were Georg Link, Sean Goggins, and Kate Stewart. The p
By David A. Wheeler
Mailing list server will be moving to the Linux Foundation Single Sign-On (SSO)
All: The CII mailing list service is expected to soon switch to the “Linux Foundation Single Sign-on (SSO)” system for logging in to the mailing list service. This is part of an LF effort to have *one
By David A. Wheeler
Please participate in the LF CII / Harvard LIST FOSS Survey!
If you're a contributor to Free/Libre and Open Source Software (FOSS), please participate in the LF CII / Harvard FOSS survey! Here are more details, with a link at the bottom to the actual survey: ht
By David A. Wheeler
FYI: “The Impact of a Major Security Event on an Open Source Project: The Case of OpenSSL”
All: A recent paper looked at Heartbleed’s impact on OpenSSL: “The Impact of a Major Security Event on an Open Source Project: The Case of OpenSSL” by James Walden, 2020, https://arxiv.org/abs/2005.142
By David A. Wheeler
"Why CII best practices gold badges are important":
All - I thought you might like to know that I recently posted a blog post titled "Why CII best practices gold badges are important": https://www.linuxfoundation.org/blog/2020/06/why-cii-best-practices
By David A. Wheeler
The Linux kernel has earned a gold badge! 3 messages
All: I want to formally congratulate the Linux kernel project for earning a gold badge!! You can see their details here: https://bestpractices.coreinfrastructure.org/en/projects/34 The Linux kernel ha
By David A. Wheeler
Should the badge app switch to a different translation management system (from translation.io)?
Georg Link has proposed that we switch from the translation.io translation management system to a different system (in particular, Weblate). If you have thoughts on such a potential change, or informa
By David A. Wheeler
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-05. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...
Proposal: Stop requiring X-XSS-Protection, require CSP with explanation, for criterion hardened_sites 4 messages
I propose that for the "hardened_sites" criterion we stop requiring the HTTP header X-XSS-Protection, and that we require CSP & explain why. Here's the background. The Linux kernel is failing to meet
By David A. Wheeler
[EXT] [CII-badges] Proposal: Stop requiring X-XSS-Protection, require CSP with explanation, for criterion hardened_sites
This change makes perfect sense. Best, Jason N. Dossett, Ph.D. Research Staff Member Institute for Defense Analyses 4850 Mark Center Drive, Alexandria, VA 22311 Phone: 703-578-2773 Email: jdossett@...
By Jason Dossett
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-04. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-03. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...
I now work at the Linux Foundation!
All: As of today, I am a full-time employee of the Linux Foundation. My official title is "Director, Open Source Supply Chain Security". Basically, I'm going to be working full-time on various efforts to
By David A. Wheeler
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-02. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...
More on spam countering efforts
FYI, we have implemented some simple spam countering mechanisms on the best practices badge application. Most trivially, whenever someone tries to create a project badge entry, they now see this: We'v
By David A. Wheeler
Projects that received badges (monthly summary)
This is an automated monthly status report of the best practices badge application covering the month 2020-01. Here are some selected statistics for most recent completed month, preceded by the same s
By badgeapp@...
Need some advice addressing "unfixable" publicly known vulnerabilities 3 messages
CII Badging community, I just updated the ESAPI project on the CII Badges site to account for a newly discovered CVE. Specifically, I added this verbiage: Most Software Compositional Analysis tools /
By Kevin W. Wall
Did logins change because of the CII-Badges new spam defenses? 2 messages
David, et al, Does the username / password for https://bestpractices.coreinfrastructure.org/ now require it to be done via GitHub? I just tried to login using my Gmail account (which was how I registe
By Kevin W. Wall