A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://github.com/ossf/wg-best-practices-os-developers below:

ossf/wg-best-practices-os-developers: The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

Best Practices for Open Source Developers

Anyone is welcome to join our open discussions related to the group's mission and charter.

The BEST Working group is officially a Graduated-level working group within the OpenSSF

Our Mission is to provide open source developers with security best practices recommendations and easy ways to learn and apply them.

We seek to fortify the open-source ecosystem by championing and embedding best security practices, thereby creating a digital environment where both developers and users can trust and rely on open-source solutions without hesitation.

The Developer Best Practices group wants to help identify and curate an accessible inventory of best practices

To achieve our Mission and Vision, the BEST Working group will execute on the following strategy:

To deliver on our Strategy, the BEST Working Group will do the following:

Supply a Learning platform -Any free course can be integrated into the platform

We welcome contributions, suggestions and updates to our projects. To contribute please fill in an issue or create a pull request.

We typically use the Simplest Possible Process (SPP) to publish and maintain the documents we publish; see the SPP documentation if you have questions about it.

Our work is organized into several discrete-yet-related projects that help us achieve our goals:

Effort Description Git Repo Slack Channel Mailing List Best Practices Guides Longer reference documents on implementing specific secure techniques - Compiler Annotations for C and C++ (incubating), - Compiler Options Hardening Guide for C and C++, - Existing Guidelines for Developing and Distributing Secure Software, - Package Manager Best Practices (incubating), - npm Best Practices Guide, - Source Code Management Platform Configuration Best Practices, - Cyber Resilience Act (CRA) Brief Guide for Open Source Software (OSS) Developers. - Secure Coding Guide for Python, - #wg-best-practices-compilers, - #wg-best-practices-scm Concise Guides SIGs Quick Guidance around Open Source Software Development Good Practices - Concise Guide for Developing More Secure Software, - Concise Guide for Evaluating Open Source Software Mailing List Education SIG - (incubating) To provide industry standard secure software development training materials that will educate learners of all levels and backgrounds on how to create, compose, deploy, and maintain software securely using best practices in cyber and application security. EDU.SIG (course links are there) stream-01-security-education Mailing List OpenSSF Best Practices Badge - formerly CII Best Practices badge Identifies FLOSS best practices & implements a badging system for those practices, best-practices-badge OpenSSF Scorecard Automate analysis on the security posture of open source projects OpenSSF Scorecard #scorecard Contribute! OpenSSF Scorecard — Allstar Monitors GitHub organizations or repositories for adherence to security best practices Allstar #allstar Contribute! OpenSSF Security Baseline Provide avenue for participants to help evolve the OpenSSF security baseline into a security baseline that can be applied to a broad range of software-based projects OpenSSF Security Baseline #sig-security-baseline Mailing List Secure Software Development Fundamentals - online course Teach software developers fundamentals of developing secure software GitHub Memory Safety SIG The Memory Safety SIG is a group working within the OpenSSF's Best Practices Working Group formed to advance and deliver upon The OpenSSF's Mobilization Plan - Stream 4. Git Repo Slack Mailing List The Security Toolbelt Assemble a “sterling” collection of capabilities (software frameworks, specifications, and human and automated processes) that work together to automatically list, scan, remediate, and secure the components flowing through the software supply chain that come together as software is written, built, deployed, consumed, and maintained. Each piece of the collection will represent an interoperable link in that supply chain, enabling adaptation and integration into the major upstream language toolchains, developer environments, and CI/CD systems. Security Toolbelt security-toolbelt Mailing List Python Hardening Guide SIG A group working to document a secure coding guide for python and associates code examples Git Repo #secure-coding-guide-for-python Web Developer Security Guidelines A group working on security guidelines specific to web developers. This work is happening in the W3C SWAG Community Group in coordination with the OpenSSF Best Practices working group. (W3C communith groups are open to any participant.) SWAG home page Git Repo #swag-cg on the W3C Community Slack

There are many great projects both within and outside the Foundation that compliment and intersect our work here. Some other great projects/resources to explore:

Areas that need contributions

Anyone is welcome to join our open discussions related to the group's mission and charter.

Every 2 weeks, Tuesday 10am EST. The meeting invite is available on the public OSSF calendar

Meeting notes are maintained in a Google Doc found in the above table. If attending please add your name, and if a returning attendee, please change the color of your name from gray to black.

The CHARTER.md outlines the scope and governance of our group activities.

A listing of our current and past group members.

Unless otherwise specifically noted, software released by this working group is released under the Apache 2.0 license, and documentation is released under the CC-BY-4.0 license. Formal specifications would be licensed under the Community Specification License (though at this time we don't have any examples of that).

We are delighted that some are willing to help us translate materials to other languages. Please ensure all pull requests that add or modify translations are labeled with its language. Such pull requests (PRs) must be first reviewed and approved by a trusted translator.

See translations for specific details.

Like all OpenSSF working groups, this working group reports to the OpenSSF Technical Advisory Council (TAC). For more organizational information, see the OpenSSF Charter.

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4