The Core Infrastructure Initiative (CII) and our members understand that preventing the next Heartbleed requires not only supporting new and established projects but also educating the open source ecosystem, and the companies that depend on it, on secure coding practices. CII offers a full suite of programs to fortify open source security. More detail on our programs is provided below.
The CII Badge Program is a free program designed together with the open source community. Its criteria evolve over time and allow for compensating controls rather than imposing a strict mechanical checklist.
The Census project is an experimental tool that parses the known data about popular open source projects in order to identify those that should be examined to see whether they need support.
Tooling is expensive. Building tools that open source projects can rely on is very expensive. But tooling scales and investments in tooling pay off in improved security and verifiability in multiple projects.
CII members work with industry and the community to educate on secure development best practices through conference presentations, where they discuss active issues and what is being done to resolve them.