Mikaël Barbero's blog

    Eclipse Jetty Security Audit Has Been Completed

    Wednesday, October 18, 2023 - 11:00 by Mikaël Barbero
    We’re proud to share that the Eclipse Foundation has completed the security audit for Eclipse Jetty, one of the world’s most widely deployed web servers and servlet containers. All users are encouraged to upgrade to versions containing changes addressing all conclusions of the audit: Eclipse Jetty 12.0.0, 11.0.16, 10.0.16, and...

    Eclipse Foundation Publishes Results of Eclipse JKube Security Audit

    Friday, September 15, 2023 - 10:00 by Mikaël Barbero
    Today, the Eclipse Foundation released the results of our security audit for Eclipse JKube, a collection of tools for building Java applications that can be deployed to a cloud environment. Findings from the audit have been addressed in the 1.13 release leading to a new feature. This audit included a...

    Eclipse Foundation Publishes Results of Equinox p2 Security Audit

    Wednesday, July 12, 2023 - 10:00 by Mikaël Barbero
    Over the past year, the Eclipse Foundation has made securing the open source software supply chain a priority. By growing our security team and laying the groundwork for the Cyber Risk Initiative, we’ve made strides to improve the security posture of our open source projects. Today, we’re taking another step...

    New SLSA++ Survey Reveals Real-World Developer Approaches to Software Supply Chain Security

    Wednesday, March 15, 2023 - 08:00 by Mikaël Barbero
    Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the...

    March 2023 Update on Security improvements at the Eclipse Foundation

    Friday, March 3, 2023 - 04:00 by Mikaël Barbero
    Thanks to financial support from the OpenSSF’s Alpha-Omega project, the Eclipse Foundation is glad to have made significant improvements in the last couple of months. Two Factor Authentication: Eclipse Tycho, Eclipse m2e, and Eclipse RAP have all enforced 2FA for all their committers on GitHub (https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/2701, https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/2702, https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/2611). Meanwhile, we’ve...

    Shell Hole: How Advanced Prompts are Putting Software Developers at Risk

    Wednesday, March 1, 2023 - 03:00 by Mikaël Barbero
    Advanced shell prompts, such as those provided by theme engines like oh-my-zsh and oh-my-posh, have become increasingly popular among software developers due to their convenience, versatility, and customizability. However, the use of plugins that are executed outside of any sandbox and have full access to the developer shell environment presents...

    Update on Security improvements at the Eclipse Foundation

    Thursday, November 24, 2022 - 10:00 by Mikaël Barbero
    Thanks to financial support from the OpenSSF’s Alpha-Omega project, the Eclipse Foundation is glad to have made significant improvements in the last couple of months. Our previous analysis helped us prioritize the work areas where improvements would be the most significant. Let’s see where we are today. Protect the branches from...

    Open Source Software Supply Chain Security starts with developers

    Tuesday, November 22, 2022 - 10:00 by Mikaël Barbero
    The Open Source Software Supply Chain is at risk: threat actors are shifting targets to amplify the blast radius of their attacks and, as such, increasing their return on investment. Over the past 3 years, we’ve witnessed an astonishing 742% average annual increase in Software Supply Chain attacks. To make it...