security

You might have noticed a SECURITY.md file in git repositories of multiple projects. Should you have it? The answer is yes . Who uses SECURITY.md? When a security researcher has a potential vulnerability to communicate to a project, SECURITY.md is one of the first places (if not the first one)...

Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report them. Method 1: Project-specific Instructions First, look if the concerned project has SECURITY.md in its main repository. If it does, follow the instructions from that file. Method...

Eclipse Foundation projects share a default way to report security issues. Security researchers and all concerned users can create private issues to describe potential security issues so that projects can learn about them, study and fix them. For years, security issues have been reported using Bugzilla. Recently, related to the...

Europe has proposed new legislation intended to improve the state of cybersecurity for software and hardware products made available in Europe. The Cyber Resilience Act (“CRA”) will mandate that all manufacturers take security into account across both their development processes and the lifecycle of their products once in the hands...

Open source software is the single most important engine for innovation today. The ability to freely combine software components, frameworks, and platforms frees developers from constantly reinventing the wheel and allows them to focus on the new innovations that users want. Free software also enables business models to scale in...

As everyone who is involved in the software industry is well aware, security is a significant topic these days. In particular, open source supply chain security is top of mind across the entire ICT industry. The Eclipse Foundation, its community, its projects, and its working groups all have a strong...

This week the Eclipse IoT and Eclipse Edge Native Working Groups officially launched our 2022 IoT & Edge Developer and Adoption Survey . This annual survey is well-known for delivering unique and critical insights across the IoT and edge computing industry landscapes. If your company uses or deploys commercial IoT...