Linux Community to Share Inputs on New Badge Program
SEATTLE, WA: The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that enables technology companies, industry stakeholders and developers to collaboratively identify and fund critical open source projects in need of assistance, has announced the introduction of a new free Badge Program and is seeking input from the open source software community.
The first draft was published on GitHub by David A. Wheeler, an open source and security research expert who works for the Institute for Defense Analyses (IDA), and Dan Kohn, a senior advisor on the CII.
As more and more industries and businesses become increasingly dependent on open source platforms, determining which open source projects are best maintained, most secure and most reliable is a challenging task even for the most experienced and seasoned developers. The self-assessment and the badges that will follow are designed to be simple, and a fairly straightforward way for projects to showcase their commitment to security and quality. The criteria aim to encourage open source software (OSS) projects to take positive steps with both in mind and to help users know which projects are taking a positive approach.
“By coming out early with some initial criteria, we hope that the community will quickly get involved and not only influence the questions, but also acknowledge how important it is for developers to be able to quickly assess the health of a project that they depend on,” says Emily Ratliff, Senior Director of Infrastructure Security at The Linux Foundation.
Vulnerabilities can still exist in projects that consistently follow best practices. Many suggest multi-person review as a way to progressively reduce vulnerabilities. Currently the criteria include general best practices combined with questions specific to security.