David A. Wheeler's Blog

Wed, 04 May 2016

Get your CII best practices badge!

If you’re involved in a free / libre / open source software (FLOSS) project, go to bestpractices.coreinfrastructure.org and get your best practices badge!

The Linux Foundation’s Core Infrastructure Initiative (CII) has just announced its CII best practices badging program for FLOSS projects. It’s a free program that lets developers explain how they follow best practices, and if they do, they can get a badge that they can show on their GitHub page or anywhere else. Early badge earners include the Linux kernel, Curl, GitLab, OpenBlox, OpenSSL, Node.js and Zephyr.

The idea is straightforward. The Heartbleed vulnerability in OpenSSL made it obvious that there are widely-accepted best practices that not everyone is doing - and that even includes important projects. This isn’t just speculation; if you compare OpenSSL before Heartbleed with current OpenSSL the difference is striking. I think it’s clear that if more projects would apply generally-accepted best practices, we’d have more secure software. This badging process helps projects identify those best practices, determine if they meet them, and show everyone else that they’re meeting them.

The web application and criteria are being maintained as an open source software project, so we’d love to have you! I say “we” because I’m leading this project… but it’s not just me, and we would love to have you involved.

More detail is in the Linux Foundation press release about the best practices badging project.

path: /oss | Current Weblog | permanent link to this entry