    Linux Foundation Advances Security Efforts via Badging Program

    Written by

    Sean Michael Kerner
    Published May 5, 2016

      Back in August 2015, the Linux Foundation Core Infrastructure Initiative (CII) announced a new badging effort to help open-source projects with security best practices. On May 3, the first groups to achieve the security badge were formally announced, and they include Curl, GitLab, OpenBlox, OpenSSL, Node.js, Zephyr and the Linux kernel.

      To earn a badge, projects must comply with a set of security best practices as outlined in the CII Best Practices Badge GitHub repository. Most of the items are either automatically verified—for example, providing encrypted access to a repository—or obvious, such as providing good release notes, according to Dan Kohn, senior adviser to CII and the Linux Foundation.

      “Individuals who find that a project is not living up to aspects of the badge can open an issue on the CII Best Practices Badge’s GitHub site, and we can manually move badges off of passing status,” he told eWEEK.

      For the badging of the Linux kernel itself, Kohn noted that Greg Kroah-Hartman, a Linux Foundation fellow and maintainer of the stable kernel branch, conducted the assessment on behalf of the kernel community.

      “As one of the largest, oldest and best funded open-source projects, the Linux kernel has long been an example of best practices,” Kohn said. “In particular, it has excellent documentation about contributing, formatting patches, security, etc.”

      As such, the Linux kernel security badge assessment consisted mostly of entering the URLs for the existing documentation, he said. While the Linux kernel is a large project that already has established best practices, the CII Best Practices Badge is also designed for smaller projects, and single developer projects such as Curl have already achieved a badge, Kohn added.

      So far, a core developer from each badged project has completed the assessment to receive the badge, according to Kohn. He noted that CII reached out directly to each of the initial projects to encourage them to consider becoming among the first to get badges.

      “We’re now encouraging all open-source developers to get a badge,” he said. “We would like to see tens of thousands of badged projects.”

      From a risk perspective, the fact that a given project has achieved the CII Best Practices Badge doesn’t necessarily reduce the risk of a security incident, but it can make security comparatively better.

      “Between two equivalent projects, a project that cares enough to ensure that it qualifies for a badge and to take the trouble to get one may well be more secure or reliable,” Kohn said. “CII encourages all open-source projects, and especially ones that are part of the Internet’s core infrastructure, to get the badge.”

      At this point there is only one type of badge in the CII program, but Kohn said that will evolve. He expects that the program will eventually offer not just a pass/fail badge, but also silver, gold and platinum badges.

      “We also expect to add additional constraints over time to help ensure that best practices only get better as they become more widely accessible,” Kohn said.

      The CII Best Practices badge page lists a number of projects that are currently in process but have not yet been granted a badge.

      “Any open-source developer can go to that page and receive an in-progress badge for any or all of their projects,” Kohn said. “We are happy to provide support via GitHub issues, but it’s now up to those developers to complete the assessment.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
