Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Open Source Security Software Linux

Linux Foundation Project Will Evaluate Security of Open Source Software 37

An anonymous reader writes: The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation, is developing a new free Badge Program, seeking input from the open source community on the criteria to be used to determine security, quality and stability of open source software. The first draft of the criteria is available on GitHub and is spearheaded by David A. Wheeler, an open source and security research expert who works for the Institute for Defense Analyses and is also coordinating the CII's Census Project, and Dan Kohn, a senior adviser on the CII.
This discussion has been archived. No new comments can be posted.

Linux Foundation Project Will Evaluate Security of Open Source Software

Comments Filter:
  • Just one request... (Score:5, Interesting)

    by Penguinisto ( 415985 ) on Friday August 21, 2015 @08:57AM (#50361357) Journal

    Please, please, PLEASE do not let this thing get morphed into Yet Another Certification Program.

    Considering the expense and the mind-chewing bureaucratic colonoscopy that PCI (and similar) usually requires, I'd hate to see something similar have to happen to OSS dev projects - they can't afford that shit (either in time, attention, or money).

    If you're truly going to do it? Advise, not dictate. Not all OSS projects have big-name sponsors and gobs of money, so make it a service to the smaller ones if you can.

  • by Anonymous Coward
    My criteria is "not being drunk between christmas and new year eve while you commit a very important modification to a critical security library."
  • And the black-hats promptly try really hard to compromised the evaluation process... 0 day express in 3.. 2..

  • I can see this being used to knock out open source competitors.

If you didn't have to work so hard, you'd have more time to be depressed.

Working...