Linux kernel earns CII best practices gold badge
The Linux Foundation | 12 June 2020
All: I want to formally congratulate the Linux kernel project for earning a gold badge!! You can see their details here:
https://bestpractices.coreinfrastructure.org/en/projects/34
The Linux kernel has been close for a while. The final one they completed was to add some HTTP hardening headers to key websites.
Of course, a gold badge doesn’t mean that there are no vulnerabilities, or that it’s impossible to improve their development processes. Perfection is rare in this life. But it *does* mean that they’ve implemented a large number of good practices to keep the project sustainable, to counter vulnerabilities from entering their software, and to address vulnerabilities when they are found. The Linux kernel project takes many steps to do this, and it’s good to see.
The Linux kernel joins some of the few other gold applications, such as the Zephyr project, who have been at gold for a while. You can see the current gold holders here:
https://bestpractices.coreinfrastructure.org/en/projects?gteq=300
My thanks to Greg Kroah-Hartman, who spearheaded getting the badge “over the finish line.” Thank you for your effort.
I hope that this result will help inspire other projects to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But I think it’s clear that good practices can help make our software more secure, and we want to praise & encourage projects to have good practices.
David A. Wheeler
Director of Open Source Supply Chain Security, The Linux Foundation
Similar Articles
Browse Categories
2023 Compliance and Security Cloud Computing Projects Open Source Linux How-To Diversity & Inclusion Open Source Best Practices 2024 2022 Blog LF Research Training and Certification Newsletter Cross Technology Linux Foundation LFX Research software development AI Legal Linux Topic: Data cybersecurity Announcements Cloud Native Computing Foundation Networking and Edge Data Governance Energy In the news Interoperability LF Energy Open Mainframe Open Models OpenChain System Administration Topic: Security Topic: Sustainability confidential computing challenges eBPF generative AI human capital kernel lf blog license compliance maintainer openssf project news sbom tech talent techtalentsurvey