SIDO - OSXP 2021

Description

Open Source Software (OSS) is critical in the world today. However, while some OSS projects follow security-related best practices, others do not, sometimes leading to dangerous security vulnerabilities. To address this, the Core Infrastructure Initiative (CII) Best Practices Badge program was created. The program defined security and sustainment "best practices" criteria and a process so that OSS projects can earn a badge for meeting these criteria. This incentivizes projects to apply best practices and helps users identify projects that use them. This presentation will discuss the current status of the badging program. It will highlight key criteria for its various levels (passing, silver, and gold), the projects with badges, security improvements that projects have made to get the badge, natural language support (French, German, etc.), and some interesting ways that projects have met the criteria. We will also discuss participation over time (now over 3,800 participating projects). Finally, the presentation will discuss the program's connections in the larger world, including its becoming part of the Open Source Security Foundation (OpenSSF) and the potential impact of the US Executive Order on Cybersecurity.

OpenSSF CII Best Practices Badge

Nov 9th, 11:20 am CET - 11:40 am CET
