wg-securing-critical-projects
wg-securing-critical-projects | repo | |
---|---|---|
15 | 2 | |
312 | - | |
3.2% | - | |
5.1 | - | |
6 days ago | - | |
Apache License 2.0 | - | |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-securing-critical-projects
- Addressing Misconceptions
-
I’m aware that the template is kinda bad
1. https://www.privacyguides.org/basics/threat-modeling/
2. https://www.privacyguides.org/linux-desktop/overview/
3. https://www.privacyguides.org/basics/common-threats/#common-misconceptions
4. https://madaidans-insecurities.github.io/linux.html
5. Founder of Qubes
6. https://twitter.com/justinschuh/status/1190347400885329920
7. https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf
8. https://grsecurity.net/10_years_of_linux_security.pdf
9. https://grsecurity.net/~spender/interview_notes.txt
10. https://twitter.com/grsecurity/status/1249850031357788162
11. https://seclists.org/oss-sec/2019/q2/165
12. https://arxiv.org/abs/2105.14565
13. https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
14. https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md
15. https://docs.microsoft.com/en-us/windows/uwp/security/intro-to-secure-windows-app-development#41-windows-app-model
- Linux may be Private, but it is not secure. Although Privacy is not that useful without security. The misconception that opensource is secure baffles me.
- ossf/wg-securing-critical-projects: Helping allocate resources to secure the critical open source projects we all depend on.
-
Google wants to work with government to secure open-source software
[3] https://github.com/ossf/wg-securing-critical-projects#how-we...
-
How impactful is free and open source software development?
It's security-specific, but I appreciate that in the wake of Heartbleed, the industry really did take things seriously, from the Linux Foundation's Core Infrastructure Initiative (now OpenSSF's Securing Critical Projects Working Group) to Project Zero, the latter of which is still quite active testing everything from Windows filesystem "filter drivers" to Apple's ImageIO library to old versions of Acroread to GhostScript sandboxing.
- If you want HDR content from the web to display properly on a retina display, use a Chromium-based browser.
- The State of the Linux Kernel Security (2020)
- The_state_of_the_Linux_kernel_security(2020) [pdf]
-
Microsoft pulls Windows 10 AMD driver causing PCs not to boot
I am not sure what point you are making here. Are you saying Linux is freaking stable? Not even Linux kernel developers are gonna agree with you! (https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf)
repo
-
The Danger of Microsoft Pluton
You really nailed it with that car analogy.
Most "car people" would agree that changing the oil in your car is super easy. To me, it is not easy. It's not something I'm willing to do, even though I know the steps of how to do it. I just don't know what I don't know. When I have my oil changed, the mechanic tells me what I should be concerned about. He tells me what upcoming work I need to have done, how much it will cost, and what could happen if I don't do it. He has experience, expertise, and specialized tools. He has knowledge gathered over years to be highly proficient in his profession.
I could do those things. I could read, and listen, and learn. I could be under my car every day learning new things about how to install this, or replace that. But I don't really have the drive or inclination to do so. I'd rather leave it to the pro. I also have the added novice-worry of screwing something up, and hurting myself or others as a result. I don't want that kind of pressure. I don't want my car breaking down while doing some long journey - I just want it to run when I need it to run, without any scary warning lights coming up on my dashboard.
To bring the analogy back to computers, I still know people - people in their 20s or 30s - who do not know how to copy and paste with keyboard shortcuts. I will sit there and see them highlight, right-click, click copy, move their cursor, left-click, right-click, choose paste. I'll tell them how much time they could save if they "just did ..." and get a basic "Yeah...I just don't really care though, ya know? This works." The thing is, there is no investment on their part to want or need to do that more efficiently. They get by well enough with not bothering.
They could get super into computers, and learn something as "technical" as `git clone https://github.com/some/repo` and follow the process to configure and run a script. They could learn to do those things. But they don't really have that time to invest in it, or don't have that passion for it, or have a professional investment in needing to do it.
They want it to work. They want to not get hacked. They want to not have to think about computers at all. Computers are the interface to do "the thing" more easily. And if the computer breaks? They want it fixed so it won't happen again. The computer "does the internet thing". And I can respect that because they focus their energy into knowledge into other topics that I don't have a clue about, the same way I don't have a clue about cars, even if I know oil changes are "easy".
-
I’m aware that the template is kinda bad
> curl -o- https://github.com/some/repo/install.sh | bash
What are some alternatives?
vello - An experimental GPU compute-centric 2D renderer.
keylime - A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
itpol - Useful IT policies
Windows10Debloater - Script to remove Windows 10 bloatware.
filmulator-gui - Filmulator --- Simplified raw editing with the power of film
sharpapp - 💩⭐️🚀A #app with cutting edge technology to #minimize windows-10 telemetry and #maximize privacy plus many more
criticality_score - Gives criticality score for an open source project
Wazuh - Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
28c3-doctorow - Transcription of Cory Doctorow's keynote from 28C3.
linux-hardening-checklist - Simple checklist to help you deploying the most important areas of the GNU/Linux production systems - work in progress.
hn-search - Hacker News Search