wg-best-practices-os-developers VS studio

You will learn about the different checks provided by OpenSSF Scorecard, how to configure the checks for your environment, and how to automate their implementation.

In April 2014, the Linux Foundation Executive Director Jim Zemlin seized the opportunity to get visibility and managed to get Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Qualcomm, Rackspace, and VMware to all pledge to commit at least $100,000 a year for at least three years to the Core Infrastructure Initiative. The initiative continued for many years and eventually transformed into the Open Source Security Foundation. Also due to Heartbleed, the European Commission launched the EU-Free and Open Source Software Auditing project and spent at least a million euros on auditing OpenSSL, the Apache Server, KeePass, and other security-critical open source software.

https://github.com/ossf/wg-best-practices-os-developers/issu...

The idea of using `-fsanitize-minimal-runtime` is interesting. I don't have any direct experience with that option. I've created an issue to investigate maybe adding that to the guide. Thanks for the tip!

These are technical details that are out of the scope of this article, but we think that it is important to mention them because the security strategy of a company should be based on a solid foundation, and these frameworks show that there are already some good starting points, companies don't have to start from scratch. If you want to know more about them or other ways to improve the security of your software supply chain, visit the OpenSSF website.

Participating in the cybersecurity community can be a useful way to gain information about security trends and possible risks. Organizations such as the OWASP, OpenSSF, SANS Institute, and ISC2 promote the exchange of information between organizations and can raise the alarm about emerging issues or hacking strategies.

You might find Awesome Security or Other Security Awesome Lists and the Open Source Security Foundation helpful

Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.

https://github.com/ossf/wg-best-practices-os-developers/blob...

Cross industry best practices - openssf.org

> Especially a tool like RViz is always missing. And in many many robotics video I see (of a moderately complex robot), there's ROS's RViz on some screen.

I would love the future robotics development stack to be more modular, so that (for example) future middleware solutions don't need to also bundle their own visualization software. This was direct inspiration for creating Foxglove Studio[0] for visualization and MCAP[1] for logging - both work great with ROS, or equally well without it.

[0] https://github.com/foxglove/studio

[1] https://github.com/foxglove/mcap

That's the true strength of combining existing open source solutions. Thanks for the great support of Foxglove Inc. over the past few years.

Foxglove | Remote (US time zones) | Full Time or Contract | https://foxglove.dev/

Foxglove is the leading observability platform for robotics developers. We help robotics and AV companies log, ingest, organize, and visualize multimodal data. Join our small, highly experienced, and fast moving team. Prior experience working in robotics or AV is a bonus but not necessary.

* Senior Frontend Engineer (TypeScript, React, bonus if you have WebGL experience)

* Senior Full Stack Engineer (TypeScript, Go)

* Senior SRE/Infrastructure/DevOps Engineer (GCP, AWS, Azure, Terraform, K8s)

https://foxglove.dev/careers

Email in profile if you have questions.

It's a common misconception that you need a ML or robotics PhD to work in the field. There are plenty of frontend & backend web engineering, data engineering, and infrastructure/devops roles available at robotics companies - you don't need to be a domain expert.

For example, at Foxglove[0] we are building open source web-based visualization and data management for robotics (shameless plug: currently hiring).

[0] https://foxglove.dev/

You can use the rosbag commandline-tool to figure out all of this: http://wiki.ros.org/rosbag/Commandline rosbag info for example can give you some of the type/number of messages information. For more complex stuff, you could use https://foxglove.dev/ to visualize and inspect rosbags

Web-based data visualization for robotics and self-driving. Robotics is such an interesting industry, and we're only scratching the surface of what new tools are needed.

Try it live here (hit "view sample data"): https://studio.foxglove.dev/

And it's open source! https://github.com/foxglove/studio

Shameless plug - we're hiring: https://foxglove.dev/careers

When our team at Foxglove announced MCAP, we wanted to empower teams to spend less time building commodity tools and more time tackling their hardest robotics challenges.

Foxglove | Remote (Americas/Oceania) | Full Time or Contract | https://foxglove.dev/

Dev tools for robotics and autonomous vehicles.

Robotics will have a massive positive impact on the world economy and global human productivity over the coming decade. At Foxglove, we're building powerful web-based open source & commercial tools to accelerate this trend.

We're a small, highly experienced, and fast moving team. We're looking to hire several more people (most roles don't require previous robotics experience, unless specified below):

- Senior Frontend Engineer (react, typescript, some webgl+wasm)

- Senior Full Stack Engineer (typescript, some golang)

- First Product Manager (robotics/AV experience required)

- First Account Executive (infrastructure SaaS experience required)

https://foxglove.dev/

https://foxglove.dev/careers

React + Typescript. Forgot to mention it’s open source so you can see for yourself:

https://github.com/foxglove/studio