The Core Infrastructure Initiative (CII) and our members understand that preventing the next Heartbleed not only requires supporting new and established projects but educating the open source ecosystem and the companies who support it on secure coding practices. CII is offering a full suite of programs to fortify open source security. More detail on our programs is provided below.
Identify
The Census Program identifies open source projects that might constitute Core Infrastructure.
Audit
The Audit Program arranges for security audits of open source projects, with a focus on projects identified by the Census Program as Core Infrastructure.
Advise
The Best Practices Program outlines best practices for open source projects and offers a set of tools to measure and communicate compliance with best practices recommendations.
Assist
The Assistance Program makes grants and provides assistance to open source projects, primarily for the purpose of improving security.
