Wg-best-practices-os-developers Alternatives
Similar projects and alternatives to wg-best-practices-os-developers
- oss-fuzz: OSS-Fuzz - continuous fuzzing for open source software.
- Appwrite: Appwrite - The Open Source Firebase alternative introduces iOS support. Appwrite is an open source backend server that helps you build native iOS applications much faster with realtime APIs for authentication, databases, file storage, cloud functions and much more!
- PostHog: 🦔 PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host.
- QuestDB: An open source time-series database for fast ingest and SQL queries.
- tpm2-tss: OSS implementation of the TCG TPM2 Software Stack (TSS2).
- supabase: The open source Firebase alternative. Follow to stay updated about our public Beta.
- InfluxDB: Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
- Mattermost: Mattermost is an open source platform for secure collaboration across the entire software development lifecycle.
- Zulip: Zulip server and web application. Open-source team chat that helps teams stay productive and focused.
- Plausible Analytics: Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
- QEMU: Official QEMU mirror. Please see http://wiki.qemu.org/Contribute/SubmitAPatch for how to submit changes to QEMU. Pull Requests are ignored. Please only use release tarballs from the QEMU website.
- zotero: Zotero is a free, easy-to-use tool to help you collect, organize, cite, and share your research sources.
- ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
- Camunda BPM: Flexible framework for workflow and decision automation with BPMN and DMN. Integration with Spring, Spring Boot, CDI.
- bicep: Bicep is a declarative language for describing and deploying Azure resources.
- serverless-graphql: Serverless GraphQL Examples for AWS AppSync and Apollo.
- determined: Determined: Deep Learning Training Platform.
- criticality_score: Gives a criticality score for an open source project.
- google-search-results-nodejs: SerpApi client library for Node.js. Previously: Google Search Results Node.js.
- Sonar: Write Clean JavaScript Code. Always. Sonar helps you commit clean code every time. With over 300 unique rules to find JavaScript bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
wg-best-practices-os-developers reviews and mentions
- Wake-up call: why it's urgent to deal with your hardcoded credentials
Today corporations, open source projects, nonprofit foundations, and even governments are all trying to figure out how to improve the global software supply chain security. While these efforts are more than welcome, for the moment, there is hardly any straightforward way for organizations to improve on that front.
- 'Securing Open Source Software Act' Introduced to US Senate
- Great Time at JavaZone 2022
Cross industry best practices - openssf.org
- Ask HN: Who is hiring? (June 2022)
runk
The Open Source Security Foundation is the continuation(?) of the group CII that was originally founded after this mess came to light. Can't say anything about the salary, but they're currently hiring for a few positions.
- Ask HN: Is funding the actual problem for healthy Open Source?
TL;DR: Is there any data to suggest that funding an Open Source project materially benefits the users of that project? If you know of any, please share!
This is a question that has been on my mind ever since Log4Shell. I want to know if funding could have an impact on preventing major vulnerabilities or if the issue is something else (lack of guidance for projects, too many cooks, rampant dev ADHD, etc).
It seems like a lot of people are talking about this[0][1] and how funding Open Source would help, but I'm concerned that it's simply wishful thinking that money alone would solve the problem. Sometimes reality is cruel like that.
Is it possible that more funding would help prevent the next Log4Shell or Heartbleed? Maybe! Or are we simply touting a solution, without any data, and our hubris could actually end up hurting security further by just having companies "wash their hands" of responsibility? If FAANG/Fortune 500 throws money over the fence at developers, how much of that money will actually translate into improving the Open Source software?
I personally believe that funding would _help_ with the security of Open Source software. And it would also help with documentation, support, and a number of other "health problems", all of which would likely help with security. But I'm also concerned that this could backfire too in spectacular ways (increased library proliferation to get funding, people pocketing it for a vacation, hackers targeting popular, dormant libs to harvest money from them, etc).
I'm not aware of any actual research/data to provide evidence around improving Open Source security. That's why I wanted to ask y'all. Hacker News is a pretty small community and I wouldn't be surprised if somebody from OpenSSF[2] chimed in to help answer this, lol.
Beyond funding, there are also some projects that I've found like CHAOSS[3][4] that seem to be thinking about quantifying risk for Open Source dependencies and other problems like the "bus factor". It doesn't matter if you fund a project if the dev behind it is MIA.
If this data doesn't exist, then it's something that I'll likely start investing my time into generating. (I'm working on some Open Source tooling for dealing with managing dependency security[5] that follows up the Log4Shell tooling we also built[6], which is why this has been on my mind a lot recently.)
Anyway, if you're interested in brainstorming about this further, please shoot me an email (on my profile). Cheers!
0: https://www.wsj.com/articles/protect-open-source-software-prevention-oss-public-use-cybersecurity-innovation-cyberattack-apache-log4j-11643316125
1: https://blog.google/technology/safety-security/making-open-source-software-safer-and-more-secure/
2: https://openssf.org/
3: https://chaoss.community/
4: https://chaoss.community/wp-content/uploads/2021/10/English-Release-2021-10-21.pdf
(Search for "Business Risk" or use the Nav to find the section about how they're attempting to measure the security of Open Source packages)
5: https://github.com/lunasec-io/lunasec/tree/master/lunatrace
(This is under active development and is something that is a week or two away from being polished enough for serious usage.)
6: https://github.com/lunasec-io/lunasec/tree/master/lunatrace/cli/cmd/log4shell
- Can someone here verify whether it is true or false? I saw this passage on Quora. It looks kinda funny to me.
https://openssf.org/ "OSTIF enhances security for users everywhere. We do this through security reviews. (...) reviews have resulted in hundreds of bug patches, including over 20 with a Critical or High severity."
Stats
ossf/wg-best-practices-os-developers is an open source project licensed under Apache License 2.0 which is an OSI approved license.