InfoWorld: Linux Foundation Tackles Open Source Security with New Badge Program

By In the News

InfoWorld writer Fahmida Y. Rashid interviews Nicko van Someren, chief technology officer of The Linux Foundation, about the Core Infrastructure Initiative’s Best Practices Badge program.

Businesses increasingly rely on open source software, but they usually don’t have a way to tell if developers are following secure coding practices, how they handle vulnerabilities and security updates, or how stable the software is. The CII Best Practices Badge program gives businesses answers to these questions.

Read more at InfoWorld.

CIO: CII’s Best Practices Badge Program is Making Open Source Projects More Secure

By In the News

Swapnil Bhartiya provides an overview of the CII Best Practices Badges Program.

While open source projects boast of being more secure compared to proprietary solutions, the fact is not every project has the resources or mechanisms to ensure security. In many cases there are not enough eyeballs to render all bugs shallow.

CII enables technology companies, industry stakeholders and esteemed developers to collaboratively identify, fund and improve the security of critical open source projects.

Read more at CIO.

Softpedia News: Linux Foundation’s Badge Program Launches to Boost Security of Open Source Apps

By In the News

Marion Nester of Softpedia covers the basics of the CII Best Practices Badges Program.

Dubbed CII Best Practices Badges, the free badge program has been created by Linux Foundation’s Core Infrastructure Initiative (CII) project. Its main goal is determining the security, stability, and quality of various open source software projects, and among the first to earn these badges are the well-known Linux kernel, OpenSSL, Node.js, GitLab, cURL, Zephyr, and OpenBlox.

Read more at Softpedia News.

SecurityWeek: No Exit: The Case for Moving Security Information Front and Center

By In the News

SecurityWeek has published an article by CII’s Emily Ratliff called No Exit: The Case for Moving Security Information Front and Center.

The top 4 were picked for brevity for this article, but I encourage you to compare the full lists for greater impact. With this in mind, the similarities between the two lists released 13 years apart are startling and humbling.

Read more at SecurityWeek.

Kees Cook Updates CollabSummit Attendees on the Kernel Self-Protection Project

By Blogs

Kees Cook enthralled CollabSummit attendees last week with his update on how the Linux Kernel Self-Protection project is coming along. There are now developers from several different organizations (Google, Linaro, Oracle, Red Hat, Intel, one self-funded, and one funded by CII) participating in the project. Kees went into detail, with examples, about why it is important not to stall out just fixing security bugs as they appear, and why we need to proactively develop technology to defeat entire classes of bugs before they can be exploited. Kees’ charts are available online.