Take the 2024 State of Open Standards survey today! START SURVEY

Search

    Join
    2 MIN READ

    Linux kernel earns CII best practices gold badge

    The Linux Foundation | 12 June 2020

    All: I want to formally congratulate the Linux kernel project for earning a gold badge!! You can see their details here:

    https://bestpractices.coreinfrastructure.org/en/projects/34

    The Linux kernel has been close for a while. The final one they completed was to add some HTTP hardening headers to key websites.

    Of course, a gold badge doesn’t mean that there are no vulnerabilities, or that it’s impossible to improve their development processes. Perfection is rare in this life. But it *does* mean that they’ve implemented a large number of good practices to keep the project sustainable, to counter vulnerabilities from entering their software, and to address vulnerabilities when they are found. The Linux kernel project takes many steps to do this, and it’s good to see.

    The Linux kernel joins some of the few other gold applications, such as the Zephyr project, who have been at gold for a while. You can see the current gold holders here:

    https://bestpractices.coreinfrastructure.org/en/projects?gteq=300

    My thanks to Greg Kroah-Hartman, who spearheaded getting the badge “over the finish line.” Thank you for your effort.

    I hope that this result will help inspire other projects to pursue — and earn — a gold badge. Of course, the real goal isn’t a badge — the real goal is to make our software much more secure. But I think it’s clear that good practices can help make our software more secure, and we want to praise & encourage projects to have good practices.

    David A. Wheeler

    Director of Open Source Supply Chain Security, The Linux Foundation
    Similar Articles
    Browse Categories

    2023 Compliance and Security Cloud Computing Projects Linux How-To Diversity & Inclusion Open Source Open Source Best Practices 2022 Training and Certification Cross Technology LF Research 2024 Newsletter LFX AI Legal Linux Foundation Research Topic: Data Blog Linux Networking and Edge cybersecurity Cloud Native Computing Foundation Data Governance LF Energy Open Mainframe Open Models OpenChain System Administration Topic: Security Topic: Sustainability eBPF generative AI human capital kernel license compliance maintainer openssf techtalentsurvey

    Stay Connected with the Linux Foundation