Tags: CII

Open Source Threat Modeling

What is threat modeling? Application threat modeling is a structured approach to identifying ways that an adversary might try to attack an application and then designing mitigations to prevent, detect or reduce the impact of those attacks. The description of an application’s threat model is...

CII Audit Identifies Most Secure NTP Implementation

Since its inception the CII has considered network time, and implementations of the Network Time Protocol, to be “core infrastructure.” Correctly synchronising clocks is critical both to the smooth functioning of many services and to the effectiveness of numerous security protocols; as a result...


Linux kernel security
The Core Infrastructure Initiative (CII) exists to support work improving the security of critical open source components. Over the past few years, the CII has been funding the Kernel Self Protection Project, the aim of which is to ensure that the kernel fails safely rather than just running safely.

CII Project Advances Linux Kernel Security as Firm Ends Free Patches

There has been some public discussion in the last week regarding the decision by Open Source Security Inc. and the creators of the Grsecurity® patches for the Linux kernel to cease making these patches freely available to users who are not paid subscribers to their service. While we at the Core...

Paving with Good Intentions: The Attempt to Rescue the Network Time Protocol

After the Heartbleed bug revealed in April 2014 how understaffed and under-funded the OpenSSL project was, the Network Time Foundation was discovered to be one of several projects in a similar condition. Unfortunately, thanks to a project fork, the efforts to lend NTP support have only divided the...

Time Is Running Out for NTP

Everyone benefits from Network Time Protocol, but the project struggles to pay its sole maintainer or fund its various initiatives.  “NTF’s NTP project remains severely underfunded,” the project team wrote in a recent security advisory. “Google was unable to sponsor us this year, and currently, the...

Linux Foundation Backs Reproducible Builds Effort for Secure Software

Building software securely requires a verifiable method of reproduction and that is why the Linux Foundation's Core Infrastructure Initiative is supporting the Reproducible Builds Project. In an effort to help open-source software developers build more secure software, the Linux Foundation is...


open source funding
Here are some of the best options for finding funding for your open source project.

How to Find Funding for an Open Source Project

Ask people how to find funding for a technology project, and many of them will point to crowdsourcing sites. After all, the Oculus Rift virtual reality headset, the Pebble smartwatch, and even the low-cost Raspberry Pi computer were launched after their inventors collectively raised millions of...


best practices badge
The OPNFV project is among a handful of open source organizations to recently earn a CII Best Practices Badge for security compliance.

How OPNFV Earned Its Security Stripes and Received a CII Best Practices Badge

Security is always a hot-button issue, and one the folks at the OPNFV project take seriously. In fact, the project -- an integrated open platform for facilitating NFV deployments -- is among a handful of open source organizations to recently earn a CII Best Practices Badge for security compliance...

Secure the Internet: Core Infrastructure Initiative's Aim

VIDEO: Nicko van Someren, CTO of the Linux Foundation, discusses how the CII is moving forward to make open-source software more secure. In the aftermath of the Heartbleed vulnerability's emergence in 2014, the Linux Foundation created the Core Infrastructure Initiative (CII) to help prevent that...


Best practices
Learn more about the Core Infrastructure Initiative (CII) Best Practices Badges Program. [Image credit: torbakhopper]

How to Get an Open Source Security Badge from CII

Co-authored by Dr. David A. Wheeler Everybody loves getting badges.  Fitbit badges, Stack Overflow badges, Boy Scout merit badges, and even LEED certification are just a few examples that come to mind.  A recent 538 article "Even psychologists love badges" publicized the value of a badge....

