This week Dave (https://twitter.com/davidegts) and Gunnar (http://atechnologyjobisnoexcuse.com/about) talk with Dr. David A. Wheeler (https://twitter.com/drdavidawheeler) about what’s new at the Linux Foundation, a brand-new free course on developing secure software, some survey results, and recent news concerning SolarWinds.
The Open Source Security Foundation (OpenSSF) (https://openssf.org/) of the Linux Foundation replaces the Core Infrastructure Initiative (CII) and has several working groups.
Secure Software Development Fundamentals Courses (https://openssf.org/edx-courses/)
The Linux Foundation’s Core Infrastructure Initiative (CII) Badge Program (https://bestpractices.coreinfrastructure.org/en) is now part of the OpenSSF Best Practices Working Group
Project statistics (https://bestpractices.coreinfrastructure.org/project_stats), now >3,500 participating projects & >500 passing badges
If you develop OSS, make sure your projects are pursuing a badge (https://bestpractices.coreinfrastructure.org/)
“Report on the 2020 FOSS Contributor Survey” (https://www.linuxfoundation.org/en/press-release/new-open-source-contributor-report-from-linux-foundation-and-harvard-identifies-motivations-and-opportunities-for-improving-software-security/) - these are the RESULTS of the survey call we discussed last time - THANK YOU to everyone who participated in the contributor survey
If you’re interested, please join!
The Linux Foundation (https://www.linuxfoundation.org/) (other than OpenSSF)
Linux Foundation Energy (https://www.lfenergy.org/)
Linux Foundation Public Health (https://www.lfph.io/)
The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results! (OSTIF) (https://ostif.org/the-linux-foundation-public-health-initiative-sponsored-the-audit-of-covid-exposure-notification-apps-here-are-the-results/) - “Because of these two reviews, both applications have had improvements implemented to correct potential issues. This review provides assurances that the applications are generally safe and private.”
Reproducible Builds in December 2020 (https://reproducible-builds.org/reports/2020-12/)
Preventing Supply Chain Attacks like SolarWinds (https://www.linuxfoundation.org/en/blog/preventing-supply-chain-attacks-like-solarwinds/)
Be sure to visit David on the internet at dwheeler.com (https://dwheeler.com/)!
We Give Thanks
* Dr. David A. Wheeler (https://twitter.com/drdavidawheeler) for being our special guest star!

Special Guest: David A. Wheeler.