The Core Infrastructure Initiative (CII) and our members understand that preventing the next Heartbleed not only requires supporting new and established projects but educating the open source ecosystem and the companies who support it on secure coding practices. CII is offering a full suite of programs to fortify open source security. More detail on our programs is provided below.
The Census Program identifies open source projects that might constitute Core Infrastructure.
The Audit Program arranges for security audits of open source projects, with a focus on projects identified by the Census Program as Core Infrastructure.
The Best Practices Program outlines best practices for open source projects and offers a set of tools to measure and communicate compliance with best practices recommendations.