Security Requires Thinking (His Monkey, His Circus)

This week Dave and Gunnar talk with Dr. David A. Wheeler about what’s new at the Linux Foundation, a brand-new free course on developing secure software, some survey results, and recent news concerning SolarWinds.

• Open Source Security Foundation (OpenSSF) of the Linux Foundation replaces the Core Infrastructure Initiative (CII) and has several working groups
  • Secure Software Development Fundamentals Courses
  • The Linux Foundation’s Core Infrastructure Initiative (CII) Badge Program is now part of the OpenSSF Best Practices Working Group
    • Project statistics, now >3,500 participating projects & >500 passing badges
    • If you develop OSS, make sure your projects are pursuing a badge
  • “Report on the 2020 FOSS Contributor Survey” - these are the RESULTS of the survey call we discussed last time - THANK YOU to everyone who participated in the contributor survey
  • If you’re interested, please join!
• The Linux Foundation (other than OpenSSF)
  • Linux Foundation Energy
  • Linux Foundation Public Health
    • The Linux Foundation Public Health Initiative Sponsored the Audit of COVID Exposure Notification Apps. Here Are The Results! (OSTIF) - “Because of these two reviews, both applications have had improvements implemented to correct potential issues. This review provides assurances that the applications are generally safe and private.”
• Reproducible Builds in December 2020
• Preventing Supply Chain Attacks like SolarWinds
• Be sure to visit David on the internet at dwheeler.com!

We Give Thanks

• Dr. David A. Wheeler for being our special guest star!