The Linux Foundation Core Infrastructure Initiative’s badging program matures, as the first projects to achieve security badges are announced.
InfoWorld writer Fahmida Y. Rashid interviews Nicko van Someren, chief technology officer of The Linux Foundation about The Core Infrastructure Initiative’s Best Practices Badge program.
Businesses increasingly rely on open source software, but they usually don’t have a way to tell if developers are following secure coding practices, how they handle vulnerabilities and security updates, or how stable the software is. The CII Best Practices Badge program gives businesses answers to these questions.
Eduard Kovacs provides a list of projects that received badges as part of its best practices program so far.
The list of projects that earned badges so far includes Node.js, the Linux kernel, GitLab, OpenSSL, Curl, OpenBlox, the Zephyr Project, and Syncthing. Tens of other open source apps are in the process of getting certified.
The Linux Foundation’s chief technology officer Nicko van Someren explains the importance of a unifying open source badge program.
Swapnil Bhartiya provides an overview of the CII Best Practices Badges Progam.
While open source projects boast of being more secure compared to proprietary solutions, the fact is not every project has resources or mechanism to ensure security. In many cases there are not enough eyeballs to render all bugs shallow.
CII enables technology companies, industry stakeholders and esteemed developers to collaboratively identify, fund and improve the security of critical open source projects.
Read more at CIO.