The Eclipse Foundation announced that it is partnering with the Apache Software Foundation and other open source foundations to establish common specifications for secure software development based on existing open source best practices.
In an April 2 blog post, Eclipse said that the goal of the initiative was to meet the challenges of cybersecurity in the open source ecosystem and demonstrate cooperation with the European Union’s Cyber Resilience Act (CRA). Participants include Apache, Eclipse, the Rust Foundation, the PHP Foundation, the Blender Foundation, the OpenSSL Software Foundation, and the Python Software Foundation.
The collaborative effort will be hosted at the Brussels-based Eclipse Foundation AISBL under the auspices of the Eclipse Foundation Specification Process and a new working group. Other code-hosting open source foundations and industry players are invited to join.
The starting point for the technical standardization effort will be current security policies and procedures of open source foundations and similar documents describing best practices. The governance of the working group will follow the Eclipse-led model but will be augmented by representation from the open source community. The deliverables will consist of one or more process specifications available under a liberal specification copyright license and a royalty-free patent license, Eclipse said.
Interested persons can receive updates on the effort by signing up for the Eclipse mailing list.
Next read this:
