Mikaël Barbero's blog

Update on Security improvement at the Eclipse Foundation

Thursday, November 24, 2022 - 10:00 by Mikaël Barbero

Thanks to financial support from the OpenSSF’s Alpha-Omega project, the Eclipse Foundation is glad to have made significant improvements in the last couple of months. Our previous analysis helped us prioritize work area where improvements would be the most significant. Let’s see where we are today.

Open Source Software Supply Chain Security starts with developers

Tuesday, November 22, 2022 - 10:00 by Mikaël Barbero

Open Source Software Supply Chain is at risk: threat actors are shifting target to amplify the blast radius of their attacks and as such increasing their return on investment. Over the past 3 years, we’ve witnessed an astonishing 742% average annual increase in Software Supply Chain attacks. To make it worse, the attack surface of the supply chain is wide. Covering it all requires a deep scrutinity of many factors.

Enforcing HTTPS on the Eclipse Marketplace

Tuesday, September 20, 2022 - 13:25 by Mikaël Barbero

As stewards of the Eclipse Marketplace, the Eclispe Foundation is responsible for providing a safe place for the Eclipse IDE users to download their plugins. While the Eclipse Marketplace does not host or transmit the plugins bits, it provides links to (p2) repositories containing them. Until today, there was no restriction on those links.

State of the Eclipse Foundation GitHub repositories

Wednesday, August 31, 2022 - 05:30 by Mikaël Barbero

The Eclipse Foundation recently received financial support from the OpenSSF’s Alpha-Omega project. We are thrilled to be able to help our projects improve the security of their Software Supply Chain. We have a number of initiatives that are being started, but today we will focus on the 1026 git repositories of the 254 Eclipse Projects hosted at Github, spread among 50 different organizations.

Credentials leaked on GitHub

Sunday, March 21, 2021 - 04:00 by Mikaël Barbero

A postmortem about the incident that could have affected artifacts on repo.eclipse.org

What happened?

On Feb 16th 2021, we received a security report about secrets in the main Jiro repository. This report was correct. On March 18th 2020, the secrets were committed inside the repository.

Scaling up the Continuous Integration infrastructure for Eclipse Foundation’s projects — Act 2

Tuesday, May 29, 2018 - 04:00 by Mikaël Barbero

TL;DR

Infrastructure improvements and migration described in last year post is eventually happening, with some tweaks.

Scaling up the Continuous Integration infrastructure for Eclipse Foundation’s projects

Friday, April 27, 2018 - 04:00 by Mikaël Barbero

TL;DR

Projects hosted by the Eclipse Foundation will soon benefit from a brand new enterprise-grade continuous integration (CI) infrastructure. Expected improvements are: resiliency, scalability and nimbleness. We are doing this move with tremendous support from our friends at CloudBees and RedHat with their respective products Jenkins Enterprise and OpenShift Container Platform.

Chromium / Eclipse SWT integration

Tuesday, July 4, 2017 - 04:00 by Mikaël Barbero

Key takeaways:

Do you want to see a Chromium based SWT Browser implementation? Please donate (or reach out to me if you want to do corporate donations) and the Eclipse Foundation will make it happens via the Friends of Eclipse Enhancement Program (FEEP).

I’m going to Devoxx US, and you should go as well!

Tuesday, March 7, 2017 - 03:00 by Mikaël Barbero

For the very first time, a Devoxx conference is happening in the USA, in San Jose, CA. It starts on March 21, 2017 and is 3 days long. Devoxx conferences are famous in Europe (organized in Belgium, France, UK, Poland, and Morocco) for their high quality talks from amazing speakers.

RFPs for new Friends of Eclipse Enhancement Program (FEEP) projects posted

Friday, December 9, 2016 - 10:11 by Mikaël Barbero

The Eclipse Foundation is actively seeking bids on 10 new FEEP Development Efforts, along with 5 outstanding Development Efforts that have not yet been bid. The objective is to have this work completed in the 1st quarter of 2017.

Please see the list of development efforts, and submit your bids before December 23, 2016. See the FAQ for the bidding process.

1
2
next
last

Eclipse Foundation Blogs

Wayne Beaton (818 posts)
Mike Milinkovich (316 posts)
Ivar Grimstad (230 posts)
Benjamin Cabé (131 posts)
Tanja Obradovic (58 posts)
Thabang Mashologu (37 posts)
John Kellerman (25 posts)
Paul Buck (22 posts)
Frédéric Desbiens (19 posts)
Brian King (19 posts)
Christopher Guindon (15 posts)
Mikaël Barbero (14 posts)
Gael Blondelle (14 posts)
Hailley Seed (10 posts)
Denis Roy (9 posts)
Hudson Kelly (8 posts)
Michael Plagge (4 posts)
Serina El Salibi (3 posts)
Shabnam Mayel (3 posts)
Shanda Giacomoni (3 posts)
Clark Roundy (2 posts)
Jacob Harris (2 posts)
Stephanie Swart (1 posts)
Karla Ferrer (1 posts)
Sharon Corbett (1 posts)
Paul White (1 posts)

Recent blog posts

Hashtag Jakarta EE #153
Hashtag Jakarta EE #152
Yes, JakartaOne Livestream is on December 6th and you are invited!
Update on Security improvement at the Eclipse Foundation
Three Good Reasons to Complete the 2022 Cloud Developer Survey
Open Source Software Supply Chain Security starts with developers
Hashtag Jakarta EE #151
2022 JCP Elections Results
Øredev 2022
Hack.Commit.Push Paris 2022