We have several proposed tweaks to the CII Best Practices criteria or related text. Comments are very welcome in either the specific GitHub issue or on the cii-badges mailing list. For the cii-badges

FYI: Here’s some data about the EdX "Fundamentals of Developing Secure Software” set of courses as of 2021-01-06: * Secure Software Development: Requirements, Design, and Reuse (LFD104x) 807 registran

FYI, I thought it might be useful to summarize recent minor updates to the CII Best Practices badge. They don’t change anything substantive, but I wanted to make sure you were aware of them. Hopefully

FYI: the CII Best Practices badge project’s web application is slowly working to transition from Rails 5 to Rails 6. The code generally works on Rails 6 already; the problem is that we’ve always done

Thanks for putting the flow chart together (last slide in handout). One symbol says “Vuln Remediation Process”. If that were expanded, you’d find several needs: * Need enough information to be able to

I propose that we create a “list of best practices” document in Markdown as part of our Best Practices WG. We can include this document, the CII Best Practices, and others. This wouldn’t be like CRE,

Hey Everyone, I'm hoping to get a conversation started here around best practices for signing artifacts. We now recommend this as a best practice in a few places: https://github.com/ossf/scorecard htt

FYI: Here’s the latest number of participants in each of the "Fundamentals of Developing Secure Software” courses, as of 2021-02-03: • Secure Software Development: Requirements, Design, and Reuse (LFD

The OpenSSF community has been working fast and furious since its formation last year to improve the security of the open source ecosystem. We all know this is no small mission and so we’re taking a m

Team - we're preparing for the upcoming townhall(1) to share everything the foundation and the working groups have been working on over the last several months. If anyone has anything super-awesome th

Team - the question is out that due to the 15th being a US Holiday, do we want to hold the call next Monday. I am fine either way, please express yourself on this thread and we'll keep it or cancel it

This WG earlier asked me to convert the contents of the “Secure Software Development Fundamentals” course from Google docs to Markdown (so it can go on GitHub). However, I’ve tried that conversion mul

Hi! The CII Best Practices badge project has translations in a number of languages: English, Chinese, French, German, Japanese, and Russian. A Swahili translation is in progress. We’re always looking

Hi, I’ve been thinking about the success of the badging program. DCI (diversity, civility, and inclusion) feels similar to security in some aspects… we want open source developers to be aware of and i

All, I thought I’d give you an update on some of the things going on with the CII Best Practices badge project (I just posted this on its own mailing list): * We’ve upgraded to Rails 6.1! We’ve been s

FYI: The registrants for our edX security course continue to grow. Here are the registration numbers for the edX course on Secure Software Development Fundamentals (as of March 2), for each part: 1. 1

FYI: We have 3,682 participating projects as of 2021-03-04. If our current 1-year trend continues precisely ((3682-2986)/365=1.9 projects/day), we will reach 4,000 participating projects around August

If you're using the CII Best Practices badge API, please don’t use the HTTP "Accept” header to state what format you want. That deprecated capability will soon stop working. Instead, indicate your des

Fellow Goose-enthusiasts - I will be on PTO on Monday March 15. I send this note out asking if anyone is interested in leading our call for the day, or if we cancel the call next week. Please let me k

<subject> -- This is the Way. I have spoken, CRob ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Christopher "CRob" Robinson Modern Renaissance Man for Red Hat Product Security ....and other d