wg-securing-critical-projects
Helping allocate resources to secure the critical open source projects we all depend on. (by ossf)
wg-metrics-and-metadata
The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part. (by ossf)
| wg-securing-critical-projects | wg-metrics-and-metadata | |
|---|---|---|
| 15 | 4 | |
| 312 | 221 | |
| 3.2% | 0.9% | |
| 5.1 | 5.9 | |
| 6 days ago | 12 days ago | |
| Apache License 2.0 | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-securing-critical-projects
Posts with mentions or reviews of wg-securing-critical-projects.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-07-27.
- Adressing Misconceptions
-
I’m aware that the template is kinda bad
1.https://www.privacyguides.org/basics/threat-modeling/ 2. https://www.privacyguides.org/linux-desktop/overview/ 3. https://www.privacyguides.org/basics/common-threats/#common-misconceptions 4. https://madaidans-insecurities.github.io/linux.html 5. Founder of Qubes 6. https://twitter.com/justinschuh/status/1190347400885329920 7. https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf 8. https://grsecurity.net/10_years_of_linux_security.pdf 9. https://grsecurity.net/~spender/interview_notes.txt 10. https://twitter.com/grsecurity/status/1249850031357788162 11. https://seclists.org/oss-sec/2019/q2/165 12. https://arxiv.org/abs/2105.14565 13. https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html 14. https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md 15. https://docs.microsoft.com/en-us/windows/uwp/security/intro-to-secure-windows-app-development#41-windows-app-model
- Linux may be Private, but it is not secure. Although Privacy is not that useful without security. The misconception that opensource is secure baffles me.
- ossf/wg-securing-critical-projects: Helping allocate resources to secure the critical open source projects we all depend on.
-
Google wants to work with government to secure open-source software
[3] https://github.com/ossf/wg-securing-critical-projects#how-we...
-
How impactful is free and open source software development?
It's security-specific, but I appreciate that in the wake of Heartbleed, the industry really did take things seriously, from the Linux Foundation's Core Infrastructure Initiative (now OpenSSF's Securing Critical Projects Working Group) to Project Zero, the latter of which is still quite active testing everything from Windows filesystem "filter drivers" to Apple's ImageIO library to old versions of Acroread to GhostScript sandboxing.
- If you want HDR content from the web to display properly on a retina display, use a Chromium-based browser.
- The State of the Linux Kernel Security (2020)
- The_state_of_the_Linux_kernel_security(2020) [pdf]
-
Microsoft pulls Windows 10 AMD driver causing PCs not to boot
I am not sure point you are making here? Are you saying linux is freaking stable, not even linux kernel developers gonna agree with you! (https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf)
wg-metrics-and-metadata
Posts with mentions or reviews of wg-metrics-and-metadata.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-05-28.
-
Have I Been Pwned: Open-Source in the .NET Foundation and Working with the FBI
Issue is that .net is a language oriented foundation, not a cyber security one. Sending the project there looks like an ad for a Microsoft initiative and not something done with the best interest of HIBP in mind. Just an example, there is foundation literally called Open Source Security Foundation.1 If I write a python security tool and it is useful for the community, I'd think first of transferring it to them, not to the Python foundation.
1. https://openssf.org/
-
Open Source Security Foundation
I work at Microsoft and lead one of the OpenSSF working groups (https://github.com/ossf/wg-identifying-security-threats). We're always looking for folks to join the conversation and contribute to any working groups. There is a public calendar for those meetings, and there is a recording of our last town hall at https://openssf.org under the Community menu at the top.
I'm also looking to hire a software/security engineer to join our team at Microsoft, to improve security tooling and analysis around open source. This work will align/contribute to OpenSSF projects. If you like having one foot in software development and the other in security, please take a look: https://careers.microsoft.com/us/en/job/1009857
What are some alternatives?
When comparing wg-securing-critical-projects and wg-metrics-and-metadata you can also consider the following projects:
vello - An experimental GPU compute-centric 2D renderer.
compromised - Compromised/Pwned Passwords API On-premisses
itpol - Useful IT policies
repo
filmulator-gui - Filmulator --- Simplified raw editing with the power of film
criticality_score - Gives criticality score for an open source project