security

A vulnerability description includes several fields, like the title and description. However, one is causing difficulties for people writing CVE (Common Vulnerability Enumeration) entries: the CVSS (Common Vulnerability Scoring System) vector. CVSS is an important field because it answers a fundamental question about the vulnerability: "How serious is it?" A...

Today, the Eclipse Foundation released the results of our security audit for Eclipse CycloneDDS . Findings from the audit have been addressed in the latest versioned source code of Eclipse CycloneDDS, available at https://github.com/eclipse-cyclonedds/cyclonedds . Eclipse CycloneDDS is an implementation of the Data Distribution Service (DDS) specification published by the...

Today, the Eclipse Foundation released the results of our security audit for the Eclipse Temurin project . Findings from the audit have been addressed in the latest versioned source code of Eclipse Adoptium and Eclipse Temurin, available in various repositories at https://github.com/adoptium . Eclipse Temurin is a part of the...

Exciting news - the 2024 IoT & Embedded Developer Survey is now open! This comprehensive survey provides developers and industry professionals with a unique opportunity to shape the future of IoT and embedded systems by sharing their insights and experiences. Since 2015, we've been at the forefront of exploring the...

Today, the Eclipse Foundation released the results of our security audit for the Eclipse Kuksa project . Findings from the audit have been addressed in the latest version source code of Kuksa available from https://github.com/eclipse-kuksa/kuksa-databroker . Please note that the repository has changed locations recently, so update your links. One...

TL;DR - Don't miss the opportunity to participate in Open Community Experience 2024, a new conference for our vibrant community of communities. At the Eclipse Foundation, our ethos is anchored in three pivotal Cs: Community, Code, and Collaboration. These principles are so integral to our mission that when we re-envisioned...

The Eclipse Foundation Security Team has been made aware of the vulnerability VU#421644 affecting multiple HTTP/2 implementations, that could cause an out-of-memory crash. The crash could happen if there is an insufficient limit on insufficient limitation of the number of CONTINUATION frames in one stream. The description of the issue...

tl;dr – Apache Software Foundation, Blender Foundation, OpenSSL Software Foundation, PHP Foundation, Python Software Foundation, Rust Foundation, and Eclipse Foundation are jointly announcing our intention to collaborate on the establishment of common specifications for secure software development based on existing open source best practices. In an effort to meet the...

TL;DR - We’re thrilled to announce Open Community Experience 2024, a new conference for our vibrant community of communities. 2023 has been a year of continued growth for Eclipse Foundation communities. New and existing industry collaborations including Software Defined Vehicle , Eclipse ThreadX , Adoptium , Eclipse IDE , and...

Eclipse Foundation’s vulnerability reporting programme has seen an important revamp in 2023.