Sourceware Cyber Security FAQ
Jeffrey Walton
noloader@gmail.com
Wed Nov 27 17:27:14 GMT 2024
On Wed, Nov 27, 2024 at 11:35 AM Mark Wielaard <mark@klomp.org> wrote:
>
> Hi all,
>
> After lots of discussions at some of our Open Office hours, at the
> Cauldron, with other Software Freedom organizations and some of our
> hardware and services providers we now have a Sourceware Cyber Security
> FAQ explaining topics like the "US Improving the Nation's Cybersecurity
> Executive Order 14028", "EU Cyber Resilience Act (EU CRA)" and "Secure
> Software Development Framework (NIST SP 800-218)".
>
> https://sourceware.org/cyber-security-faq.html
s/so they share security threads/so they share security threats/g
> We would like to extend this with some recommended practices for
> projects to adopt. Although it is clear that these regulations are
> mainly aimed at commercial entities, who bear the brunt of these
> requirements, we believe this is an opportunity for projects to get
> more (corporate) contributions since these guidelines and requirements
> strongly suggest/mandate to make all their work public and contribute
> (security issues) back upstream. So any policies documenting how to
> clearly report issues and documenting the contributing and release
> practices should be helpful.
>
> Please let us know if you have any questions or suggestions.
Jeff