Monthly Archives

June 2017

CII Best Practices Badge Program Announces Higher-level Certification and Expanded Language Support


In May last year the CII launched its Best Practices Badge program, a qualitative self-assessment approach that is available online. The program allows open source projects to grade themselves against a set of best practices for open source development.

Today we are pleased to announce the next stage of the Best Practices Badge program, which adds two major upgrades to the original program: higher-level certification and internationalisation.

Since the program formally launched 13 months ago, more than 850 projects have signed up for the process, which requires project maintainers to answer an extensive questionnaire about their development process and explain how they meet the 60+ criteria. While this is a self-assessment process, that does not mean it is a low bar: so far about 10 percent have passed, while many projects are making changes to allow them to meet the requirements. Projects that have received their badges so far include GitLab, Hyperledger Fabric, Linux, NTPSec, Node.js, OPNFV, OpenBlox, OpenSSL, OpenStack, and Zephyr.

The below chart shows the number of projects working toward earning a badge and indicates meaningful progress across the board. More CII Best Practices Badges growth and pass rate statistics can be found here.

Diagram Project Progress

It has always been our intention to use the program to push projects to raise their own standards and, to that end, today we are launching two new badges for projects that meet these higher standards. In addition to the original “Passing” badge, we are adding enhanced “Silver” and “Gold” badges. The criteria for the new Silver and Gold levels build on the existing criteria for the “Passing” level.

The new levels raise the bar in a number of areas and are meant to help identify projects that are not only highly committed to improving the quality and security of their code, but are also mindful and proactive with other success factors. For developers, the badges signal which projects are well-organized and easy to participate in, especially for newcomers. For consumers, the changes will ease the on-ramp by requiring quick start guides, for example. Meanwhile, criteria that call for even more rigorous development best practices will instill increased confidence among businesses leveraging open source. In fact, meeting the new criteria, especially at the Gold level, will likely not be achievable for numerous small and single-organization projects.

To earn a silver badge, for example, projects are now required to adopt a code of conduct, clearly define their governance model, upgrade crypto_weaknesses and use at least one static analysis tool to look for common vulnerabilities in the analyzed language or environment, if possible.

The other change that we are excited to announce is internationalisation. To broaden the program’s reach and make it easier for projects around the world to participate in the Best Practices Badge program, we have updated the Badge application to support multiple languages. We are launching the site with full Chinese and French language support today, with German, Russian and Japanese in progress. We would especially like to thank CII member company Huawei for their generous support of the translation into Chinese and Yannick Moy for the hard work of translating the site into French.

As with the original work, David Wheeler, project leader at the Institute for Defense Analyses, did the hard work to expand the program. We continue to welcome community feedback, especially on the translation work. To get involved, please join the cii-badges mailing list and track us on GitHub at coreinfrastructure/best-practices-badge. Of course, we also encourage projects to begin the CII Best Practices Badge application process.

For those attending LinuxCon | ContainerCon | CloudOpen China, CII Program Director Marcus Streets is presenting “The Core Infrastructure Initiative: Its First Three Years and Onwards to the Future” on June 20th. He will also share more on these new developments and explain how you can apply for a badge for your free software project.

Thales Joins Linux Foundation’s Core Infrastructure Initiative


New Gold Member Partners with CII to Improve Internet Security and Fortify Open Source Infrastructure

San Francisco, June 6, 2017 – The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation that collaboratively works to improve the security and resilience of critical open source projects, today announced that Thales is joining as a new gold member.

A leader in critical information systems, cybersecurity and data security, Thales offers advanced data security solutions and services, delivering trust wherever information is created, shared or stored. It is recognized for its deep information and cryptographic security expertise that enables organizations to confidently accelerate their digital transformation. Thales technology is found right across the enterprise, in financial services, retail, healthcare and government, and secures more than 80% of debit card transactions around the world.

The CII’s mission is to ensure that the open source code that underpins business today is secure and resilient. Many of the world’s largest technology companies already belong to CII, and Thales is the first global security business to join the initiative.

“CII is incredibly excited to see our membership base expand and add a security-focused company like Thales, which has a vast understanding of the complex information technology demands we face in today’s digital world,” said Nicko van Someren, CII Executive Director. “Its investment validates the importance of CII and is a great vindication of our work to security harden open source infrastructure to combat today’s complicated threat landscape.”

“Thales has implemented open source building blocks and standards both internally and for customers for two decades,” said Jon Geater, Chief Technology Officer at Thales e-Security. “Open Source in general and Linux in particular have become core to delivery of modern products and systems, offering distinct utility, cost and performance advantages that we increasingly leverage to solve real-world problems. By joining CII we can bring our expertise and focus on security to bear on strengthening core open source infrastructure and working to eliminate the security weaknesses that can emerge from less well maintained or directed inclusion of Open Source technology into products and infrastructure in the Cloud and IoT era. This shared vision of Thales and the Linux Foundation is critical to Thales’s strategic development objectives, our ability to serve our customers, and to improving the state of the Connected World more generally.”

CII recently celebrated its three-year anniversary and announced a new governance structure to enable it to scale up its operations going forward.

About Thales e-Security

Thales e-Security is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premise, in the cloud, in data centers and in big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and meeting the highest standards of certification for high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group. www.thales-esecurity.com

About Thales

Thales is a global technology leader for the Aerospace, Transport, Defense and Security markets. With 64,000 employees in 56 countries, Thales reported sales of €14.9 billion in 2016. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

About The Core Infrastructure Initiative

CII is a multimillion-dollar project that funds and supports critical open source elements of the global information infrastructure. It is organized by The Linux Foundation and supported by Amazon Web Services, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, Hitachi, Huawei, Intel, Microsoft, NetApp, NEC, salesforce.com, and VMware. Moving beyond funding projects, CII is introducing preemptive tools and programs to help the open source ecosystem and the companies who support it deploy secure coding practices. For more information, please visit: https://www.coreinfrastructure.org/.

About The Linux Foundation

The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.

###

The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. OpenDaylight is a trademark of the OpenDaylight Project, Linux is a trademark of Linus Torvalds.