Secure Software Development: CII Best Practices

The Best Practices program from the OpenSSF project helps create more secure open source software projects. Learn what it does and how it can help your project.

Summary

Last month the Core Infrastructure Initiative, or CII, launched its CII Best Practices project (now the OpenSSF Best Practices Badge Program). Its primary goal is to gamify the process of building more secure software. Let’s have a look at the project and how it can help.

Open Source and Security

If we look at the open source world of software, we see that many projects were created by volunteers. Doing this voluntarily says nothing about the quality of a project, though. After all, half of the internet exists because of these small, yet powerful utilities. I personally created two projects myself: Rootkit Hunter (rkhunter) to detect malware, and Lynis to perform a security audit on Linux and UNIX systems. While these tools are focused on security, it is definitely not simple to make the software itself secure. This is where the CII project comes in: it provides a checklist of items to enhance the project and its quality.