Skip to main content
  • Log in
  • Manage Cookies
Eclipse Foundation
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More
      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs
      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research
      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum
  1. Home
  2. Blogs
  3. Mike Milinkovich's blog
  4. Security Leadership at the Eclipse Foundation

Security Leadership at the Eclipse Foundation

Thursday, May 12, 2022 - 07:41 by Mike Milinkovich

As everyone who is involved in the software industry is well aware, security is a significant topic these days. In particular, open source supply chain security is top of mind across the entire ICT industry. The Eclipse Foundation, its community, its projects, and its working groups all have a strong motivation to be leaders in advocating and implementing security best practices. Our members, adopters, users, and stakeholders all desire that their security risks be mitigated to the degree possible. 

One thing that is clear, however, is that simply putting the burden of added security work on the shoulders of our committers and project leaders is not an option. This topic needs to be addressed by services provided by the Eclipse Foundation to our project community or it will fail. Without strong support in terms of release and build engineering, tooling, and education, developers simply do not have the time, interest, or skills necessary to be responsible for implementing security best practices. It is equally true that security, and particularly supply chain security, requires a programmatic approach. Security is not an attribute that you simply add to existing software.

So we need to provide services to our projects to implement our Open Source Software Supply Chain Best Practices. We envisage this as a collection of services provided to our projects by staff to protect our code repositories, secure third party artifacts, provide security audits, secure build pipelines, and protect build outputs. 

The Eclipse Foundation has long had a security policy, and is a CVE numbering authority. We have a long track record of taking security seriously. However, we are not going to be able to accomplish more without leadership. So, to that end, I am very pleased to announce that we have recently promoted Mikaël Barbero as our new Head of Security. Mikaël is well known to our community as having led our Common Build Infrastructure for many years, as well as having authored the best practices document referenced above. Mikaël will be providing leadership to our security initiatives, and will be working closely with our projects and our IT staff to steadily improve security across the Eclipse community. Some of this work will complement or leverage related efforts to improve our IP processes and provide software bill of materials (SBOMs) for all of our projects. We expect to make a number of program announcements over the coming months, so stay tuned. Please join me in welcoming Mikaël in his new role.

Tags: 
Foundation
eclipse
Eclipse Foundation
Open Source
security
Source: 
http://eclipse-foundation.blog/
  • Mike Milinkovich's blog

Eclipse Foundation Blogs

  • Wayne Beaton (817 posts)
  • Mike Milinkovich (311 posts)
  • Ivar Grimstad (177 posts)
  • Benjamin Cabé (131 posts)
  • Tanja Obradovic (52 posts)
  • Thabang Mashologu (37 posts)
  • Brian King (19 posts)
  • Paul Buck (19 posts)
  • Frédéric Desbiens (18 posts)
  • Christopher Guindon (15 posts)
  • Gael Blondelle (13 posts)
  • Hailley Seed (10 posts)
  • Denis Roy (9 posts)
  • Mikaël Barbero (9 posts)
  • Hudson Kelly (8 posts)
  • John Kellerman (7 posts)
  • Michael Plagge (3 posts)
  • Shabnam Mayel (3 posts)
  • Shanda Giacomoni (3 posts)
  • Jacob Harris (2 posts)
  • Paul White (1 posts)
  • Stephanie Swart (1 posts)
  • Clark Roundy (1 posts)
  • Sharon Corbett (1 posts)

Recent blog posts

  • The Edge of Things: A Name That Means a Lot of Things
  • Eclipse Cloud DevTools Contributor Award: Internationalization for Eclipse Theia
  • Hashtag Jakarta EE #124
  • GeeCON 2022
  • Security Leadership at the Eclipse Foundation
  • Community Awards are Back
  • Back to Ludwigsburg: Q&A with EclipseCon 2022 Program Committee Chair
  • Eclipse Cloud DevTools Digest - April, 2022
  • Hashtag Jakarta EE #123
  • Jfokus 2022
More

Eclipse Foundation

  • About Us
  • Contact Us
  • Donate
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace

Other

  • IDE and Tools
  • Projects
  • Working Groups
  • Research@Eclipse
  • Report a Vulnerability
  • Service Status

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top