Mikaël Barbero's blog


New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

Wednesday, March 15, 2023 - 08:00 by Mikaël Barbero

Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard?


March 2023 Update on Security improvements at the Eclipse Foundation

Friday, March 3, 2023 - 04:00 by Mikaël Barbero

Thanks to financial support from the OpenSSF’s Alpha-Omega project, the Eclipse Foundation is glad to have made significant improvements in the last couple of months.


Shell Hole: How Advanced Prompts are Putting Software Developers at Risk

Wednesday, March 1, 2023 - 03:00 by Mikaël Barbero

Advanced shell prompts, such as those provided by theme engines like oh-my-zsh and oh-my-posh, have become increasingly popular among software developers due to their convenience, versatility, and customizability. However, the use of plugins that are executed outside of any sandbox and have full access to the developer shell environment presents significant security risks, especially for Open Source Software developers.


Update on Security improvements at the Eclipse Foundation

Thursday, November 24, 2022 - 10:00 by Mikaël Barbero

Thanks to financial support from the OpenSSF’s Alpha-Omega project, the Eclipse Foundation is glad to have made significant improvements in the last couple of months. Our previous analysis helped us prioritize the work areas where improvements would be the most significant. Let’s see where we are today.


Open Source Software Supply Chain Security starts with developers

Tuesday, November 22, 2022 - 10:00 by Mikaël Barbero

The Open Source Software Supply Chain is at risk: threat actors are shifting targets to amplify the blast radius of their attacks and, as such, increase their return on investment. Over the past 3 years, we’ve witnessed an astonishing 742% average annual increase in Software Supply Chain attacks. To make matters worse, the attack surface of the supply chain is wide. Covering it all requires deep scrutiny of many factors.


Enforcing HTTPS on the Eclipse Marketplace

Tuesday, September 20, 2022 - 13:25 by Mikaël Barbero

As stewards of the Eclipse Marketplace, the Eclipse Foundation is responsible for providing a safe place for Eclipse IDE users to download their plugins. While the Eclipse Marketplace does not host or transmit the plugin bits, it provides links to the (p2) repositories containing them. Until today, there was no restriction on those links.


State of the Eclipse Foundation GitHub repositories

Wednesday, August 31, 2022 - 05:30 by Mikaël Barbero

The Eclipse Foundation recently received financial support from the OpenSSF’s Alpha-Omega project. We are thrilled to be able to help our projects improve the security of their Software Supply Chain. We have a number of initiatives that are being started, but today we will focus on the 1026 git repositories of the 254 Eclipse Projects hosted at GitHub, spread among 50 different organizations.


Credentials leaked on GitHub

Sunday, March 21, 2021 - 04:00 by Mikaël Barbero

A postmortem about the incident that could have affected artifacts on repo.eclipse.org

What happened?

On Feb 16th 2021, we received a security report about secrets in the main Jiro repository. This report was correct. On March 18th 2020, the secrets were committed inside the repository.


Scaling up the Continuous Integration infrastructure for Eclipse Foundation’s projects — Act 2

Tuesday, May 29, 2018 - 04:00 by Mikaël Barbero

TL;DR

The infrastructure improvements and migration described in last year's post are finally happening, with some tweaks.


Scaling up the Continuous Integration infrastructure for Eclipse Foundation’s projects

Friday, April 27, 2018 - 04:00 by Mikaël Barbero

TL;DR

Projects hosted by the Eclipse Foundation will soon benefit from a brand new enterprise-grade continuous integration (CI) infrastructure. Expected improvements are: resiliency, scalability and nimbleness. We are making this move with tremendous support from our friends at CloudBees and Red Hat with their respective products Jenkins Enterprise and OpenShift Container Platform.
