No Food for Thought

Open Source Security Foundation

admin Sunday December 13, 2020

A couple of months ago, when writing about the end of EU-FOSSA 2, I criticized its reactionary nature, just as I had done a few years ago about the Core Infrastructure "Initiative", EU-FOSSA's private counterpart.

That is why we can feel very grateful once again to the Linux Foundation's Jim Zemlin for setting up OpenSSF, replacing the CII this year. Not only does the Open Source Security Foundation lose the "initiative" in its name, but it really is a lot less reactionary, established as a permanent project:

OpenSSF FAQ wrote:
The CII was funded largely by grants, OpenSSF will be supported by Linux Foundation membership dues with targeted organization contributions to support initiatives. The CII’s ongoing work is being transitioned to the OpenSSF, and we expect that the CII will eventually be dissolved as the OpenSSF replaces it.


A lot has changed since Heartbleed. The next challenge would be to see security efforts more integrated into primary software projects, rather than in secondary projects, still somewhat reactionary afterthoughts.

Here's hoping for truly organic security (which doesn't prevent external security assessments).

Update

Wanting to become more universal than the CII, OpenSSF is facing a serious challenge: prioritization. By trying to become neutral, it appears it's so far risking making its auditing efforts irrelevant, with its current method computing Qt's criticality as way lower than... some Bitcoin software. And beyond noting that the current metrics are broken, I don't see an easy fix without completely changing the approach.
Here's hoping common sense prevails.
