Our Three Recommendations to the US Government's Interest in Securing and Sustaining Open Source Software
Encouraged by the questions being asked, the Eclipse Foundation recently participated in an open and transparent process initiated by the...
security
Eclipse Mosquitto Security Audit Has Been Completed
We’re excited to announce that the Eclipse Foundation has successfully conducted a security audit for Eclipse Mosquitto, marking our fourth...
Learning about security: by example
During this year's EclipseCon, the Eclipse Foundation staff offered a tutorial on best practices in open-source projects. For people who...
Eclipse Jetty Security Audit Has Been Completed
We’re proud to share that the Eclipse Foundation has completed the security audit for Eclipse Jetty, one of the world’s...
Eclipse Foundation Publishes Results of Eclipse JKube Security Audit
Today, the Eclipse Foundation released the results of our security audit for Eclipse JKube, a collection of tools for building...
SECURITY.md: should I have it?
You might have noticed a SECURITY.md file in git repositories of multiple projects. Should you have it? The answer is...
Eclipse Foundation Publishes Results of Equinox p2 Security Audit
Over the past year, the Eclipse Foundation has made securing the open source software supply chain a priority. By growing...
How to Report a Security Issue in an Eclipse Foundation Project?
Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of...
Eclipse Foundation Default Security Tracker Moves!
Eclipse Foundation projects share a default way to report security issues. Security researchers and all concerned users can create private...
New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security
Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different...