security

Unveiling Open Code Experience

Tuesday, December 19, 2023 - 16:57 by Thabang Mashologu
TL;DR - We’re thrilled to announce Open Code Experience 2024, a new conference for our vibrant community of communities. Watch for updates at opencode-x.org. 2023 has been a year of continued growth for Eclipse Foundation communities. New and existing industry collaborations including Software Defined Vehicle , Eclipse ThreadX , Adoptium...

Our Three Recommendations to the US Government's Interest in Securing and Sustaining Open Source Software

Thursday, November 30, 2023 - 14:09 by Deborah Bryant
Encouraged by the questions being asked, the Eclipse Foundation recently participated in an open and transparent process initiated by the US Office on the National Cyber Director, in collaboration with three federal agencies with stakes in setting policies and priorities for securing open source software as critical infrastructure. Specifically, they...

Learning about security: by example

Tuesday, October 31, 2023 - 08:36 by Marta Rybczynska
During this year's EclipseCon, the Eclipse Foundation staff offered a tutorial on best practices in open-source projects. For people who could not be there or want to learn more, repositories are available for everyone to re-use! Repository Best Practices Tutorial The first tutorial focuses on securing repositories. Your task is...

SECURITY.md: should I have it?

Monday, July 31, 2023 - 10:33 by Marta Rybczynska
You might have noticed a SECURITY.md file in git repositories of multiple projects. Should you have it? The answer is yes . Who uses SECURITY.md? When a security researcher has a potential vulnerability to communicate to a project, SECURITY.md is one of the first places (if not the first one)...

How to Report a Security Issue in an Eclipse Foundation Project?

Friday, June 30, 2023 - 01:17 by Marta Rybczynska
Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report them. Method 1: Project-specific Instructions First, look if the concerned project has SECURITY.md in its main repository. If it does, follow the instructions from that file. Method...

Eclipse Foundation Default Security Tracker Moves!

Thursday, June 29, 2023 - 16:16 by Marta Rybczynska
Eclipse Foundation projects share a default way to report security issues. Security researchers and all concerned users can create private issues to describe potential security issues so that projects can learn about them, study and fix them. For years, security issues have been reported using Bugzilla. Recently, related to the...

European Cyber Resilience Act: Potential Impact on the Eclipse Foundation

Sunday, January 15, 2023 - 21:22 by Mike Milinkovich
Europe has proposed new legislation intended to improve the state of cybersecurity for software and hardware products made available in Europe. The Cyber Resilience Act (“CRA”) will mandate that all manufacturers take security into account across both their development processes and the lifecycle of their products once in the hands...