Status: Add FreeBSD Foundation security engineering report
khorben committed Jan 7, 2025
1 parent 3d94a37 commit d72ad4a
Showing 1 changed file with 23 additions and 0 deletions.
@@ -0,0 +1,23 @@
=== Security engineering at the FreeBSD Foundation

Links: +
link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[FreeBSD Foundation Releases Bhyve and Capsicum Security Audit Funded by Alpha-Omega Project] URL: link:https://freebsdfoundation.org/news-and-events/latest-news/freebsd-foundation-releases-bhyve-and-capsicum-security-audit-funded-by-alpha-omega-project/[] +
link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[How FreeBSD security audits have improved our security culture] URL: link:https://fosdem.org/2025/schedule/event/fosdem-2025-6152-how-freebsd-security-audits-have-improved-our-security-culture/[] +
link:https://github.com/orcwg/orcwg[Home of the ORC WG] URL: link:https://github.com/orcwg/orcwg[] +
link:https://freebsdfoundation.org/about-us/contact-us/[FreeBSD Foundation: Contact Us] URL: link:https://freebsdfoundation.org/about-us/contact-us/[] +
link:https://openssf.org/projects/osv-schema/[Open Source Vulnerability schema (OSV Schema)] URL: link:https://openssf.org/projects/osv-schema/[] +
link:https://github.com/ossf/osv-schema/pull/237[ossf/osv-schema tools: import a conversion tool to and from VuXML (#237)] URL: link:https://github.com/ossf/osv-schema/pull/237[]

Contact: Pierre Pronchery <pierre@freebsdfoundation.org>

My tasks at the FreeBSD Foundation continue to revolve around Security Engineering for the FreeBSD Project.

First, we keep working on the outcome of the source code audit on bhyve and Capsicum, documenting and researching how to prevent and mitigate similar issues from occurring again in the future.
This includes the processes relevant for contributions to the FreeBSD Project, as well as the preparation of a joint presentation with Alpha-Omega at the BSD Devroom during the coming FOSDEM conference in 2025.

At the same time, I am liaising with the Open Regulatory Compliance Working Group (ORC WG), where an FAQ is being elaborared jointly by a nomber of stakeholders on the European Union's newly introduced Cyber Resilience Act (CRA).
This is all related to our ongoing collaboration with OpenSSF, notably the self-assessment initiative; note that the FreeBSD Foundation can provide assistance in this regard for projects deploying FreeBSD.

Finally, possibilities around the integration of OSV tooling into the FreeBSD ecosystem are under investigation as well.

Sponsored by: The FreeBSD Foundation
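Review bot: the ORC WG paragraph has two typos, "elaborared" and "nomber"; it should read "an FAQ is being elaborated jointly by a number of stakeholders". Separately, the closing sentence on OSV tooling gives no detail, while the Links list already points at ossf/osv-schema pull request #237 (a conversion tool to and from VuXML). If that tool is what is being investigated, name it in the sentence so the link has context in the text.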
