Publicity
David A. Wheeler edited this page Oct 9, 2018 · 24 revisions
Here are some examples of where the CII best practices badge has been publicly discussed. This includes our efforts to let people know about it, as well as others' public discussions of it that have reached many people.
- "Free Badge Program Signals What Open Source Projects Meet Criteria for Security, Quality and Stability" (Linux Foundation Press release), 2016-05-03
- "Linux Foundation launches badge program to boost open source security" by Charlie Osborne, May 3, 2016
- "CII’s Best Practices badge program is making open source projects more secure" by Swapnil Bhartiya, CIO, May 3, 2016
- "The Dave and Gunnar Show: Badge of Open Source Honor", 2016-05-10
- "Best Practices Badge", FLOSS Weekly 389, 2016-05-24
- "Core Infrastructure Initiative best-practices badge" by David A. Wheeler, LWN.net, 2016-06-08
- "How to Get an Open Source Security Badge from CII" by Emily Ratliff and David A. Wheeler, linux.com, 2016-06-01
- "Core Infrastructure Initiative (CII) Best-Practices Badge Criteria" by David A. Wheeler, June 28, 2016, IDA NS D-8054
- "Preventing the next Heartbleed and making FOSS more secure", interview by Mark Bohannon of David A. Wheeler, 2016-06-22, opensource.com
- "Open Source best practices criteria", Brandon Keepers (atom text editor), 2016-07-03. He said, "This is a great project and is receiving adoption in some circles..." and had two suggestions: "It needs a shorter and catchier name so I can tell more people about it" and "The project could benefit from more automation and autodetection." (David A. Wheeler agrees with both points.)
- The ChangeLog #215: Core Infrastructure Initiative Best Practices Badge with David A. Wheeler
- "Linux Foundation Core Infrastructure Initiative (CII) Best Practices Badge" by Dr. David A. Wheeler, Software and Supply Chain Assurance Forum, 2016-09-14
- "How OPNFV Earned Its Security Stripes and Received a CII Best Practices Badge", Linux.com, September 12, 2016
- "Report of the Workshop on Software Measures and Metrics to Reduce Security Vulnerabilities (SwMM-RSV)" by Paul E. Black and Elizabeth Fong, November 2016, NIST Special Publication 500-320 said the following in section 1.3.6: "Participants judged that software could benefit from the programs and criteria of widely-accepted non-governmental organizations. Some possibilities are UL’s Cybersecurity Assurance Program (CAP), Consortium for IT Software Quality (CISQ) Code Quality Standards, and (the) Core Infrastructure Initiative (CII) Best Practices badge."
- "Dramatically Reducing Software Vulnerabilities: Report to the White House Office of Science and Technology Policy" by Paul E. Black, Lee Badger, Barbara Guttman, and Elizabeth Fong, November 2016, NISTIR 8151 said the following in section 3: "Software can also benefit from the programs and criteria of third-party, non-governmental organizations. Some possibilities (include the)... Core Infrastructure Initiative (CII) Best Practices badge..."
- Open Source Security podcast episode 14 - David A Wheeler: CII Badges. Here's a nice quote: "This is a fantastic project... I think it is one of the most important security things going on today without question... folks go get your badges and make the world a better place..."
- "CII Best Practices Badge, One year later" by David Wheeler, Open Source Leadership Summit 2017, Lake Tahoe, CA, 2017-02-14. There is also a video available.
- "CII Best Practices Badge, 1.5 years later" by David Wheeler, Linux Security Summit 2017, Los Angeles, CA, 2017-09-14
- "How to Develop Secure Applications: The BadgeApp Example" (video) by David A. Wheeler, 2017-09-18
- "Should R Consortium Recommend CII Best Practices Badge for R Packages: Latest Survey Results" by Mark Hornick (July 26, 2018), R Consortium Project blog
- "The Only Linux Foundation CII Gold Rated Project Is a .. PHP Markdown Parser" on Hacker News. This was a posting by reindeerer, who later explained that his point was "Certainly not knocking on the badge or the practices. I just found it amusing that PHP often gets a bad rap, but then shows up at the top of the listed projects for objectively good development practices." This included a few interesting comments:
- exikyut said, "I just found and read through the criteria list. It's mind-bogglingly exhaustive, but in a very good way, and an excellent catalyst for maintainable, secure software. I'd regard it as universally applicable to any and all code."
- reindeerer said, "Best practices are a bit like good genes. By no means a guarantee of success, fame, glory and riches, but damn if they don't make things easier."
- throwaway2048 said, "I see absolutely nothing dogmatic or cargo cult about the recommendations they make. They are completely sensible, and a decent guideline for improving the technical support infrastructure of a project."