
Project: Document Best Practices for Secure Software Open Development #129

Open
shannona opened this issue May 25, 2022 · 1 comment
Labels
good first issue Good for newcomers intern project This issue is in regards to an internship project.

Comments

@shannona
Collaborator

shannona commented May 25, 2022

This is another project that would be good for a team with mixed skills, and does not require deeper software engineering experience (but at least one should have experience with build processes).

Various organizations (Linux Foundation, Google, etc.) have offered guidance as to the practices of security, supply chain, etc., but also emphasize enterprise and OS supply chain use cases. There are also a number of automated tools (apps, GitHub actions, etc.) that can be used to audit on some of these.

However, many are not practical for smaller projects, especially the emerging blockchain security repos, where only a few people may be contributing.

The goal of this project is to survey the existing recommended practices, best practices of various important security projects (including Blockchain Commons practices), etc., to identify which address the biggest threats given the effort (threat analysis), are practical for small projects to implement, which we might be able to offer some documentation and examples of how best to install and use, and guidance to contributors to small projects on how to tool and support these practices (like docs teaching git signing for writers contributing documentation to a secure repo).

Related to: reproducible builds, scripts for protecting master branch, etc. What are our best practices and what do we recommend to other parties (especially for our CLI apps)? @nochiel

@shannona
Collaborator Author

If someone is interested in this, also consult @ChristopherA and myself on some documents that we have in-process regarding Open Development.

@shannona shannona added good first issue Good for newcomers intern project This issue is in regards to an internship project. labels May 25, 2022
@shannona shannona changed the title Project: Best Practices for Open Development of Secure Software Project: Document Best Practices for Secure Software Open Development Jun 29, 2022
@ChristopherA ChristopherA moved this to 2023 Q1 Backlog in High Level Roadmap Jan 16, 2023
@ChristopherA ChristopherA moved this from 2023 Q1 Backlog to 2023 Q2 Backlog in High Level Roadmap Mar 28, 2023
@shannona shannona moved this from 2023 Q2 Backlog to 2023 Q3 Backlog in High Level Roadmap Jun 29, 2023
Projects
Status: 2025 Backlog