security

Eclipse Kuksa Security Audit Has Been Completed

Tuesday, May 21, 2024 - 03:39 by Marta Rybczynska
Today, the Eclipse Foundation released the results of our security audit for the Eclipse Kuksa project . Findings from the audit have been addressed in the latest version source code of Kuksa available from https://github.com/eclipse-kuksa/kuksa-databroker . Please note that the repository has changed locations recently, so update your links. One...

OCX 2024: Celebrating Community, Code and Collaboration

Thursday, April 11, 2024 - 14:25 by Clark Roundy
TL;DR - Don't miss the opportunity to participate in Open Community Experience 2024, a new conference for our vibrant community of communities. At the Eclipse Foundation, our ethos is anchored in three pivotal Cs: Community, Code, and Collaboration. These principles are so integral to our mission that when we re-envisioned...

202404-01 Eclipse Foundation Security Advisory

Thursday, April 4, 2024 - 00:21 by Marta Rybczynska
The Eclipse Foundation Security Team has been made aware of the vulnerability VU#421644 affecting multiple HTTP/2 implementations, that could cause an out-of-memory crash. The crash could happen if there is an insufficient limit on insufficient limitation of the number of CONTINUATION frames in one stream. The description of the issue...

The Open Source Community is Building Cybersecurity Processes for CRA Compliance

Tuesday, April 2, 2024 - 03:00 by Mike Milinkovich
tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing our intention to collaborate on the establishment of common specifications for secure software development based on existing open source best practices. In an effort to meet the...

Unveiling Open Community Experience

Tuesday, December 19, 2023 - 16:57 by Thabang Mashologu
TL;DR - We’re thrilled to announce Open Community Experience 2024, a new conference for our vibrant community of communities. 2023 has been a year of continued growth for Eclipse Foundation communities. New and existing industry collaborations including Software Defined Vehicle , Eclipse ThreadX , Adoptium , Eclipse IDE , and...

Our Three Recommendations to the US Government's Interest in Securing and Sustaining Open Source Software

Thursday, November 30, 2023 - 14:09 by Deborah Bryant
Encouraged by the questions being asked, the Eclipse Foundation recently participated in an open and transparent process initiated by the US Office on the National Cyber Director, in collaboration with three federal agencies with stakes in setting policies and priorities for securing open source software as critical infrastructure. Specifically, they...

Learning about security: by example

Tuesday, October 31, 2023 - 08:36 by Marta Rybczynska
During this year's EclipseCon, the Eclipse Foundation staff offered a tutorial on best practices in open-source projects. For people who could not be there or want to learn more, repositories are available for everyone to re-use! Repository Best Practices Tutorial The first tutorial focuses on securing repositories. Your task is...

SECURITY.md: should I have it?

Monday, July 31, 2023 - 10:33 by Marta Rybczynska
You might have noticed a SECURITY.md file in git repositories of multiple projects. Should you have it? The answer is yes. Who uses SECURITY.md? When a security researcher has a potential vulnerability to communicate to a project, SECURITY.md is one of the first places (if not the first one) they...

How to Report a Security Issue in an Eclipse Foundation Project?

Friday, June 30, 2023 - 01:17 by Marta Rybczynska
Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report them. Method 1: Project-specific Instructions First, look if the concerned project has SECURITY.md in its main repository. If it does, follow the instructions from that file. Method...