Linux Foundation Furthers Security Efforts with Badge Issuance Program
By apacciooutlook | Monday, December 03, 2018
SAN FRANCISCO, CA: The Core Infrastructure Initiative (CII), a Linux Foundation-based project, has announced the availability of CII Best Practices Badges. The badges are issued to developers whose software passes the security test CII conducts.
The CII Best Practices program is free and evaluates the security, quality and stability of open source software. The online application lets developers verify whether they are following the best open source security practices. The test is done through a trusted source.
Once software meets the standard criteria and clears the test, developers are given a badge to display on GitHub and other online properties. The latest badges include an assessment of OpenSSL, an open source software responsible for most encryption on the internet.
The biggest challenge developers face, for both proprietary and open source software, is determining the security of the project or software. As open source software supports more and more of the world’s critical infrastructure, ensuring best practices for the security, quality and stability of the code is required.
The CII Best Practices Badge program is an open source project designed in collaboration with the community, and it seeks constant participation to ensure that the most relevant criteria for the badge are included and continually updated.
Some of the early badge earners include Curl, GitLab, the Linux kernel, OpenBlox, OpenSSL, Node.js and Zephyr.
“Open source projects often have very good security practices in place but need a way to validate those against industry and community best practices and ensure they’re always improving,” says Nicko van Someren, chief technology officer at The Linux Foundation. “Thanks to the generous contributions by the Core Infrastructure Initiative supporters, we’re able to provide this program to educate developers on security best practices and provide a directory for developers and CIOs to understand what projects have an understanding and methodology that focuses on security.”