Linux kernel earns CII best practices gold badge
The Linux Foundation | 12 June 2020
All: I want to formally congratulate the Linux kernel project for earning a gold badge!! You can see their details here:
https://bestpractices.coreinfrastructure.org/en/projects/34
The Linux kernel has been close for a while. The final one they completed was to add some HTTP hardening headers to key websites.
Of course, a gold badge doesn’t mean that there are no vulnerabilities, or that it’s impossible to improve their development processes. Perfection is rare in this life. But it *does* mean that they’ve implemented a large number of good practices to keep the project sustainable, to counter vulnerabilities from entering their software, and to address vulnerabilities when they are found. The Linux kernel project takes many steps to do this, and it’s good to see.
The Linux kernel joins some of the few other gold applications, such as the Zephyr project, who have been at gold for a while. You can see the current gold holders here:
https://bestpractices.coreinfrastructure.org/en/projects?gteq=300
My thanks to Greg Kroah-Hartman, who spearheaded getting the badge “over the finish line.” Thank you for your effort.
I hope that this result will help inspire other projects to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But I think it’s clear that good practices can help make our software more secure, and we want to praise & encourage projects to have good practices.
David A. Wheeler
Director of Open Source Supply Chain Security, The Linux Foundation
Similar Articles
Browse Categories
2023 Compliance and Security Cloud Computing Open Source Projects Linux How-To 2024 Diversity & Inclusion LF Research Blog Open Source Best Practices Linux Foundation Newsletter 2022 Training and Certification Research Cross Technology Linux lf blog research report linux blog LFX cybersecurity project news software development AI Cloud Native Computing Foundation Legal OpenSearch Topic: Data Announcements Financial Services In the news Networking and Edge lf events Data Governance Energy Featured Events Industry: Finance Industry: Fintech Interoperability LF Energy Open Mainframe Open Models OpenChain System Administration This week at FINOS Topic: Open Source Development Topic: Security Topic: Sustainability Web Application & Development amazon web services aws brand perception cloud native cncf community tools confidential computing challenges developer needs eBPF emerging technologies generative AI human capital japan spotlight kernel lf projects license compliance maintainer openssf research survey sbom skills development tech talent techtalentsurvey updates