Skip to content

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

License

Notifications You must be signed in to change notification settings

ware/wg-best-practices-os-developers

 
 

Repository files navigation

Best Practices for Open Source Developers

GitHub Super-Linter

Anyone is welcome to join our open discussions related to the group's mission and charter.

Objective

Our objective is to provide open source developers with best practices recommendations, and with an easy way to learn and apply them.

Unlike other existing best practices list, we want it to be widely distributed to open source developers and community-sourced. And we want these practices to stick, thanks to an effective learning platform.

Vision

Our vision is to make it easy for developers to adopt these best practices, thanks to:

  • Identifying good practices, requirements, and tools that help open source developers create and maintain more secure software
  • Helping maintainers Learn to write secure software
  • Provide tools to help developers Adopt these good practices into their daily work

Scope

The Developer Best Practices group wants to help identify and curate an accessible inventory of best practices

  • Prioritized according to ROI for open source developers
  • Categorized per technology, language, framework
  • Community-curated

Help build a community

  • Program to attract open source contributors and incentivize them to use and contribute to the inventory

Supply a Learning platform -Any free course can be integrated into the platform

  • The learner can follow a track, track their progress and get badges
  • A suite of exercises are available for each best practice of the inventory

Current Work

Our work is organized into several discrete-yet-related projects that help us achieve our goals:

We welcome contributions, suggestions and updates to our projects. To contribute please fill in an issue or create a pull request.

Related Activities

There are many great projects both within and outside the Foundation that compliment and intersect our work here. Some other great projects/resources to explore:

  • SLSA Supply-chain Levels for Software Artifacts - https://github.com/slsa-framework/slsa
    • Purpose - A security framework from source to service, giving anyone working with software a common language for increasing levels of software security and supply chain integrity

Get Involved

Anyone is welcome to join our open discussions related to the group's mission and charter.

Quick Start

Areas that need contributions

  • Any topics related to helping developers more easily make more secure software or consumers to better understand the security qualities of the software they wish to ingest

Where to file issues

  • Issues can be reviewed and filed here

Meeting times

Every 2 weeks, Tuesday 10am EST. The meeting invite is available on the public OSSF calendar

Governance

The CHARTER.md outlines the scope and governance of our group activities.

Project Maintainers

Project Collaborators

Project Contributors

  • Laurent Simon, Google/Scorecard
  • Azeem Shaikh, Google/Scorecard
  • Spyros Gasteratos, OWASP/CRE
  • Harimohan Rajamohanan, Wipro
  • Aeva Black, Microsoft
  • Patricia Tarro, Dell
  • Sami Guirguis, TELUS
  • Jeff Mendoza, Google
  • Jonathan Leitschuh, Dan Kaminsky Fellowship @ Human Security
  • Jory Burson, Linux Foundation
  • Ixchel Ruiz, jfrog
  • Kara Olive, Google
  • Riccardo ten Cate, SKF

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at http://www.linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

About

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 86.3%
  • CSS 10.7%
  • HTML 2.3%
  • Less 0.7%