Mikaël Barbero's blog

    Introducing the Updated Eclipse Foundation Security Policy

    Friday, December 6, 2024 - 03:00 by Mikaël Barbero
    On November 20, 2024, the Board of Director of the Eclipse Foundation approved version 1.2 of its Security Policy. This update brings significant enhancements aimed at improving the management, resolution, and disclosure of vulnerabilities within the Eclipse community. Here’s a rundown of the key changes and what they mean for...

    Exploring the Future of Open Source Security at OCX 2024

    Tuesday, August 20, 2024 - 10:00 by Mikaël Barbero
    In the fast-paced world of software development, open source has emerged as a catalyst for innovation. But with this rapid growth comes an equally crucial responsibility: security. As open source continues to reshape the digital landscape, ensuring robust security measures is no longer optional; it’s essential. That’s why Open Community...

    Securing the Future: 2FA Now Mandatory for Eclipse Foundation Committers

    Thursday, June 6, 2024 - 10:00 by Mikaël Barbero
    The Eclipse Foundation is pleased to announce the successful implementation of two-factor authentication (2FA) for all committers on both gitlab.eclipse.org and github.com. This initiative, aimed at bolstering the security of our source code repositories, mandates that all users with write access to an Eclipse Project repository (commonly known as committers)...

    Understanding Software Provenance Attestation: The Roles of SLSA and in-toto

    Thursday, December 28, 2023 - 09:00 by Mikaël Barbero
    A software provenance attestation is a signed document that associates metadata with an artifact, encompassing details like the artifact’s origin, build steps, and dependencies. This information is critical for verifying the artifact’s authenticity and integrity. Featuring a cryptographic signature, provenance attestation ensures the document remains unaltered, playing a vital role...

    Understanding Software Provenance

    Tuesday, December 26, 2023 - 09:00 by Mikaël Barbero
    In the ever-evolving landscape of open-source software development, the creation and distribution of artifacts—such as compiled binaries, libraries, and documentation—represent the tangible results of a multifaceted process. These artifacts are more than just a collection of code; they are the final product of myriad decisions, alterations, and contributions, each with...

    Eclipse Foundation Embraces Sigstore

    Saturday, December 23, 2023 - 05:00 by Mikaël Barbero
    As part of our ongoing commitment to fortifying the security of our software development processes, we’re excited to announce a significant enhancement for all Eclipse Foundation projects utilizing our Jenkins infrastructure. This advancement comes with the integration of Sigstore, a cutting-edge solution designed to bolster the security and integrity of...

    Elevating Software Supply Chain Security: Eclipse Foundation's 2FA Milestone

    Monday, December 18, 2023 - 11:00 by Mikaël Barbero
    In the realm of open-source software, security of the supply chain is not just a concern—it’s a crucial battleground. The Eclipse Foundation, at the forefront of this fight, has taken a decisive step with its 2023 initiative to enforce two-factor authentication (2FA) across its platforms. This move is more than...

    Eclipse Jetty Security Audit Has Been Completed

    Wednesday, October 18, 2023 - 11:00 by Mikaël Barbero
    We’re proud to share that the Eclipse Foundation has completed the security audit for Eclipse Jetty, one of the world’s most widely deployed web server and servlet containers. All users are encouraged to upgrade to versions containing changes addressing all conclusions of the audit: Eclipse Jetty 12.0.0, 11.0.16, 10.0.16, and...

    Eclipse Foundation Publishes Results of Eclipse JKube Security Audit

    Friday, September 15, 2023 - 10:00 by Mikaël Barbero
    Today, the Eclipse Foundation released the results of our security audit for Eclipse JKube, a collection of tools for building Java applications that can be deployed to a cloud environment. Findings from the audit have been addressed in the 1.13 release leading to a new feature. This audit included a...